University of Alaska Anchorage

PCI Security Agreement Form

This document is an agreement between the University of Alaska Anchorage and the undersigned employee.
The undersigned agrees to meet the requirements and standards outlined in section P-13 of the Accounting and
Administrative Manual in order to maintain PCI compliance for the University of Alaska Anchorage. Failure to
follow the standards may result in the suspension of credit card processing privileges.

Access Control Measures:

____Yes ____No Are access rights for privileged user IDs restricted to least privileges necessary to
perform job responsibilities?

____Yes ____No Are all paper and electronic media that contain cardholder data physically secure?

____Yes ____No Is strict control maintained over the internal or external distribution of any kind of media
that contains cardholder data?

____Yes ____No Is the media classified so it can be identified as confidential?

____Yes ____No Is the media sent by secured courier or other delivery method that can be accurately
tracked?

____Yes ____No Are processes and procedures in place to ensure management approval is obtained prior
to moving any and all media containing cardholder data from a secured area (especially
when media is distributed to individuals)?

____Yes ____No Is strict control maintained over the storage and accessibility of media that contains
cardholder data?

____Yes ____No Is media containing cardholder data destroyed when it is no longer needed for business or
legal reasons?

____Yes ____No Are hardcopy materials cross-shredded, incinerated, or pulped so that cardholder data
cannot be reconstructed?

____Yes ____No Are containers that store information to be destroyed secured to prevent access to the
contents? (For example, a “to-be-shredded” container has a lock preventing access to its
contents.)
 By signing below, I acknowledge that I have read and understand the University of Alaska Administrative
Policy of Payment Card Industry (PCI).

I, ______________________________, on this _____ day of ________, 20___, agree to follow the standards
outlined in C-13 of the Accounting and Administrative Manual and adhere to all security standards in order to
maintain PCI compliance. Furthermore, I understand that failure to maintain the above standards may result in
the suspension of credit card processing privileges.

_______________________________ ____________________________ __________

Printed Name Signature Date

Department: _________________________ Phone: __________________

Definitions:
Cardholder Data: The Primary Account Number (PAN) by itself, or in conjunction with the cardholder name, expiration date,
cardholder address, cardholder social security number, or any other type of cardholder identifying information.
Media: Objects on which data can be stored, including, but not limited to: computers, servers, removable electronic media,
networking and communications hardware, telecommunications lines, paper receipts, paper reports, and faxes.
Primary Account Number (PAN): The card number that identifies the issuer and the particular cardholder account.
Processing: The use of a computer system to process a credit card transaction on the University of Alaska network.
Storage: The use of any media to store cardholder data on the University of Alaska network.
Transmittal: The use of a computer system to transmit a credit card transaction on the University of Alaska network.

Email the completed and signed document to uaa_cashiering@uaa.alaska.edu