Teamwork makes the dream work!
In May 2023, the Treasurer’s Office completed the University-wide PCI (Payment Card Industry) Compliance audit, under the new PCI 4.0 regulations. This process included collecting the self-assessment questionnaires (SAQ) for 312 active merchants and combining these individual reports into one SAQ D. The document was reviewed by our QSA (Qualified Security Assessor) and sent to our processor. This resulted in the University being deemed PCI compliant for the audit review.
In addition, in February 2023, the Treasurer’s Office rolled out a new online PCI Compliance training, which is required at new hire and annually for all employees involved in the credit card process. Our new vendor, Campus Guard, is responsible for creating and maintaining PCI Compliant training modules, which we then upload into our existing LMS systems (Get Inclusive for all campuses except Chan, which uses Skillsoft). The PCI Compliance courses were then pushed out to 963 employees via the HR platforms, allowing learners to log in with their single sign-on to take the training. Since this method is similar to how employees are trained on other compliance matters (e.g., Ethics training), the process allowed campus managers and employees to easily track their course completion. As a result, there was 100% course completion at UMass Chan and 89.5% course completion at all other campuses. This is a great improvement from past years, which led to fewer employees being removed from the credit card process until they retest and ensured continued operations within the merchant departments.
A big shout out to Carol Dugard for her assistance with the online training project and LMS process!
