Authorizing Third Party Service Providers in Compliance with Payment Card Industry Data Security Standards (PCI DSS)

OFFICE OF RECORD: Business Office
ISSUED BY: Vice President for Business Affairs
APPROVED BY: Douglas D. Knowlton, Pres
EFFECTIVE DATE: 11/01/2010                                                              01-12-03

01-12-03

Purpose

In accordance with Payment Card Industry Data Security Standards (PCI DSS) requirements, Dakota State University has established formal procedures regarding the addition of an authorized third party service provider. This policy will be evaluated on an annual basis.

Scope

This policy applies to the addition of any third party service provider to the list of authorized service providers.

Policy

To add a new Service Provider, a department must:

  1. Discuss the reasons for adding the Service Provider with the Controller or Vice President for Business Affairs.
  2. The credentials of the Service Provider must be researched. To be considered, the Service Provider should be a Level 1 processer and be named on the list of processors approved by Visa and Mastercard.
  3. Obtain a copy of the proposed contract from the Service Provider.
  4. Submit the contract to the Controller and Vice President of Business Affairs for review.

Last Updated: 1/24/12