PCI Associate Cardholder Data Declaration

Central Process Repository Document: SGLOBALSECFRM010

INTERNAL USE ONLY
Author: Tony LUCAS Updated by: Kerry Brine
Release Date: 20 Jan 2014 Last Reviewed: 20 Jan 2014
Status: Final Owner: Operations
Version: V1.1 Custodian: Function Operations
Filename: SGLOBALSECFRM010 - PCI Page 1 of 5
Associate Cardholder Data Declaration

EXPLORE OUR WORLD

PCI Associate Cardholder Data Declaration

Document Version: Issue 1.1

Date: December 2014
Central Process Repository Document: SGLOBALSECFRM010

PCI Associate Cardholder Data Declaration

INTERNAL USE ONLY
Version: V1.0 Page 2 of 5

Contents
DOCUMENT CONTROL PAGE ..................................................................................................3
1.1 DOCUMENT IDENTIFICATION ............................................................................................. 3
1.2 AUTHORISATION........................................................................................................ 3
1.3 HISTORY ............................................................................................................... 3
2 INTRODUCTION ...........................................................................................................4
2.1 PURPOSE .............................................................................................................. 4
2.2 SCOPE ................................................................................................................. 4
3 INSTRUCTION .............................................................................................................4

4 COMPLIANCE ..............................................................................................................4

5 EXCEPTIONS ..............................................................................................................4

6 DECLARATION ............................................................................................................5

CONTROLLED DOCUMENT – UNCONTROLLED IF PRINTED OR COPIED FROM CENTRAL PROCESS

REPOSITORY (SHAREPOINT)
Central Process Repository Document: SGLOBALSECFRM010

PCI Associate Cardholder Data Declaration

INTERNAL USE ONLY
Version: V1.0 Page 3 of 5

DOCUMENT CONTROL PAGE

1.1 Document Identification

Title PCI Associate Cardholder Data Declaration

Version: 1.0 Creation Date: 20 Jan 2014

1.2 Authorisation

Authored by: Kerry Brine Effective Date: 20 Jan 2014

Authorised by: Jon Staniforth Effective Date: 20 Jan 2014

1.3 History

Version Date Author Description

0.9 18/12/2008 Tony Lucas Draft

1.0 23/12/2008 Tony Lucas Final
1.1 20 Jan 2014 Kerry Brine Final

CONTROLLED DOCUMENT – UNCONTROLLED IF PRINTED OR COPIED FROM CENTRAL PROCESS

REPOSITORY (SHAREPOINT)
Central Process Repository Document: SGLOBALSECFRM010

PCI Associate Cardholder Data Declaration

INTERNAL USE ONLY
Version: V1.0 Page 4 of 5

2 INTRODUCTION
2.1 Purpose
To ensure that authorized associates only obtain from customers or process customer
payment card information within defined applications and tools or in accordance
with defined processes. Associates authorized to undertake such activity are
required to sign the attached declaration by way of compliance.

2.2 Scope
This declaration covers all associates working within an operational area, where
payment card information is processed, who are defined as being responsible for the
processing of payment card information as part of their role.

3 INSTRUCTION
It is the responsibility of the Operations Manager within each client program to
ensure that all declarations are completed by all authorized associates. It shall be a
condition that this declaration is signed and returned to the Operations Manager in
advance of completing training. Once signed the declaration shall be retained in the
employees personnel file.

Operations Managers shall be responsible to maintain a summary record of all

associates within their client program detailing the name and date of signing of each
associate declaration. Records shall be maintained and made available for audit upon
request.

4 COMPLIANCE

Compliance with this instruction is mandatory and is subject to independent review

by both internal and external parties. Violations of this policy will be subject to
disciplinary action and/or governing contract in the case of 3rd parties. Violations will
be investigated and may result in enforcement of relevant contractual terms,
disciplinary action, up to and including termination.

5 EXCEPTIONS

Cases for exceptions to this instruction may be made upon application. A

documented exception will only be considered for a specific operational or functional
area and for a defined timeframe. All exceptions will require completion of a risk
assessment and formal risk acceptance by relevant and impacted management.

Any approved exception, shall be documented and appropriately authorized in

accordance with the defined and authorized exception process.

CONTROLLED DOCUMENT – UNCONTROLLED IF PRINTED OR COPIED FROM CENTRAL PROCESS

REPOSITORY (SHAREPOINT)
Central Process Repository Document: SGLOBALSECFRM010

PCI Associate Cardholder Data Declaration

INTERNAL USE ONLY
Version: V1.0 Page 5 of 5

6 DECLARATION

Jorge Andres Avendaño Carabali

I _____________________(print full name) confirm my understanding of the defined
agent
processes and procedures, applications and tools provided to fulfil my role as an _____Job
FEDEX WV 41A within the FEDEX client program and within
Role as per Job Description________________
my responsibilities, understand that I shall only request, view, store, process, transmit or
destroy customer payment card information, in accordance with defined processes and
that I shall make no attempt to use the tools and permissions assigned to me for anything
other than authorized purposes.

I understand and agree that any unauthorized activity relating to the use of login accounts
for client or Sitel applications/tools issued to me or the unauthorized removal or
destruction of information will constitute an unauthorized act.

Compliance with this instruction shall remain in place unless formal written authorization
from the Operations Manager of the FEDEX client program or a change of role that
formally removes the need for this instruction to be in place.

I acknowledge that if I break this agreement, or any operational procedure without

written authorization, I will be subject to disciplinary action and this may lead to
termination of employment and/or legal action.

I confirm that I understand my responsibilities with respect to the applications and tools
that I use and the procedures and processes that I am requested to follow.

Signed ___________________ Jorge Andres Avendaño Carabali

Name (Print):________________________________

20/05/2021
Date: _________________ FEDEX WV 41A
Client Program: ______________________________

Cali,Valle del Cauca

Location: ___________________________________

CONTROLLED DOCUMENT – UNCONTROLLED IF PRINTED OR COPIED FROM CENTRAL PROCESS

REPOSITORY (SHAREPOINT)