Note: Issuing Office is responsible for documentation of LU compliance with the following statements:
Physically secure all media.
- Store media in a secure location.
Maintain strict control over the internal or external distribution of any kind of media, by doing the following:
- Classify media so the sensitivity of the data can be determined
- Send the media by secured courier or other delivery method that can be accurately tracked
- Ensure department management works with Cashiering and Treasury Services to approve of any and all media that is moved from a secured area (including when media is distributed to individuals)
Note: Cashiering and Treasury Services will maintain a log of media movement for quarterly review.
Maintain strict control over the storage and accessibility of media.
Destroy media when it is no longer needed for business or legal reasons as follows:
- Cross-cut shred hard copy materials so that cardholder data cannot be reconstructed.
- Secure storage containers used for materials that are to be destroyed.
Movement of media between the University’s locations is to be strictly controlled by department management and Cashiering and Treasury Services.
Note: Authorized personnel is management or employees with PCI training and relevant business need. For confirmation as to who is authorized, please contact a member of Cashiering and Treasury Services.
Failure to adhere to this policy could result in disciplinary action up to and including termination.