Skip to main contentSkip to main navigationSkip to footer content

PCI Policy and PCI Training Requirements

Policy Purpose

This policy defines PCI compliance and the training requirements for users that handle credit/debit cards on campus.

Policy Statement

It shall be the policy of the University of Arkansas-Fort Smith to follow PCI-DSS requirements for the UAFS campus to be PCI compliant. 

Applicability

This policy applies to all University employees, students, guests, contractors, and vendors.

Definitions

None Applicable

Policy Procedure

PCI Network Usage:
1. UAFS wireless – The campus wireless is NOT PCI compliant. You cannot use the UAFS campus wireless to process debit/credit cards transactions.
2. UAFS wired network – The campus network is only PCI compliant when using PCI approved devices that have been preconfigured by the IT department on the university network.
3. On campus/Off campus wireless – You can use a telephone wireless data plan or hot spot to process debit/credit card transactions on campus or off campus. The PCI compliance would not be on the university, but on the telephone wireless carrier (AT&T, Verizon, T-Mobile, etc).
Training:
1. Anyone who operates POS devices that traverse the University’s network are required to go through annual PCI security training.
2. Managers with direct responsibility for supervising personnel who use POS devices are to ensure that those personnel complete annual PCI training.

Enforcement

The Office of the Vice Chancellor for Finance and Administration will send a reminder via email to all faculty and staff approximately 30 calendar days prior to the annual deadline for the completion of training, which is due every February 1st.

Policy Management

This policy is managed by the IT department. The IT Director and appointed IT personnel are the primary administrators of this policy. The responsible executive is the VCFA.

Exclusions

None Applicable

Effective and Approved Date

This internal policy was approved by Brad Sheriff/ VC of Finance and Administration on 1/17/2018

Last Updated

10/3/2025 – Reformatted for accessibility by Terry Meadows Director of IT/CIO