Data Security Compliance at UMass Amherst
The resources listed below provide information on data security for UMass Amherst technical staff. They are designed to help clarify the often confusing information on data security standards and legislation and to outline the requirements for applying these standards at UMass.
Securing Sensitive Data
Handling Sensitive Data (PDF, 151 K)
The State of Massachusetts has recently adopted a new data security law (Chapter 93H of the Massachusetts General Laws of 2007). To comply with this law, OIT is asking all departments to perform an audit of their systems.
This presentation has information about new Massachusetts legislation on data security and what the University has to do in order to comply with these laws.
Payment Card Industry (PCI) Standards
Standards for Processing Transactions with Cardholder Data (PDF, 1.4 MB)
All UMass Amherst campus offices that accept credit card payments or process credit card information are now required to comply with the Payment Card Industry - Data Security Standard.
This presentation is part of the orientation provided to departments on campus that process credit card information. It highlights information on PCI-DSS implementation on campus, such as University policies, standard requirements, and compliance deadlines.
PCI Self-Assessment Questionnaire
This questionnaire is part of the self-assessment process required by the Payment Card Industry Data Security Standards. It can help you determine how closely your department complies with PCI standards and what your department can do to comply with these standards by the specified deadlines.
