GA-30 PCI DSS Compliance Policy


This policy provides information to ensure Green River College complies with the Payment Card Industry Data Security Standard (PCI DSS). The purpose of the PCI DSS is to protect cardholder data. Any failures to protect customer information may result in financial loss for customers, suspension of credit card processing privileges, fines, and damage to the reputation of the college.  This policy is intended to be used in conjunction with the Green River College PCI Compliance Procedures and Green River College IT-1 Information Technology Security Policy and related procedures.


This policy applies to all faculty, staff, students, organizations, third-party vendors, individuals, systems and networks involved with the transmission, storage, or processing of payment card data (including systems that can impact the security of payment card data).   A list of all employees authorized to collect, maintain or have access to credit card information are described in the Green River College PCI Compliance Procedures. 


PCI DSS: The Payment Card Industry Data Security Standards, which includes technical and operational requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organizations that store, process or transmit cardholder data.  PCI Standards for compliance are developed by PCI SSC.  PCI-DSS 4.0 is the latest version.

PCI SSC: The Payment Card Industry Security Standards Council defines credentials and qualifications for assessors and vendors as well as maintaining the PCI-DSS. The founding members of the Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.

Cardholder Data: Payment card data includes primary account numbers (PAN), cardholder name, expiration date, service code and sensitive authentication data.


Any proposal for a new process (electronic or paper) related to the storage, transmission or processing of credit card data must be brought to the attention of and be approved by the Senior Director of Financial Services.

All credit card merchant accounts must be approved by the Senior Director of Financial Services. Web payments must be processed using a PCI-compliant service provider approved by the Senior Director of Financial Services.

Credit card information must not be stored on Green River College network servers, workstations, or laptops. Credit card numbers must not be entered into a web page of a server hosted on the Green River College network.

All employees involved in processing credit card payments must be aware of this policy, understand the risks associated with their handling of sensitive information, and complete security training related to handling of cardholder data upon hire and annually, thereafter.

Credit card numbers may NOT be stored in any electronic format for any reason.  Paper documents containing credit card numbers must be securely locked up for as long as they are required for business purposes and securely shredded as soon as their purpose is completed.  In no instance shall this exceed 45 days and should be limited whenever possible to only 3 business days. Secured destruction must be via cross-cut shredding.

Credit card information must not be transmitted via email or other insecure messaging technologies, such as instant messaging.

Neither the full contents of any track for the magnetic strip nor the three-digit card validation code may be stored in a database, log file, or point of sale product.

Green River College will perform quarterly external vulnerability scans to ensure safety of internet-facing components and network.

Third party vendors that process transmit or store credit card information for Green River College must be PCI compliant and approved by the Senior Director of Financial Services.  Third party vendors covered by this policy will be required to conduct their own PCI DSS assessment, and must provide sufficient evidence to Green River College to verify that the scope of the service providers' PCI DSS assessment covered the services provided to Green River College and that the relevant PCI DSS requirements were examined and determined to be in place. Annually, the college will verify third-party vendor compliance by checking the PCI Security Standards website. The current third-party vendors are listed in the Green River College PCI Compliance Procedures. 


Specific Authority:



Law Implemented:

PCI DSS 1.0 December 15, 2004


History of Policy or Procedure:

Draft: March 19, 2021

Adopted: 7-12-2021

Revised: 7-06-2021

Reviewed by: Green River College Business Office

Contact: Shanna Selvar, Fiscal Analyst 4, ext. 6430, Janee Sommerfield, Senior Director of Financial Services, ext. 3306.

President’s Staff Sponsor:  Shirley Bean, Vice President for Business Administration, ext. 3305

College Policies

Board of Trustees

Business Administration

General Administrative

Information Technology

Human Resources


Student Affairs

Title IX Training Documents

Welcome to our Title IX Training Documents section, where transparency meets commitment. We proudly share comprehensive materials rooted in legal compliance and the principles of diversity, equity, and inclusion. These resources, designed for our Title IX Coordinator, are publicly accessible to promote awareness and empower our community. Explore the training documents below to support our commitment to a workplace free from discrimination.

TIX-Advisor Training

Title IX Coordinator 1-Course Slides

TIX-Day 1 Slides-Investigative Report Writing Workshop

TIX-Day 2-April Open Report Writing Workshop

TIX-Investigation 2 Day-Client Class

Title IX in a Post Reg World-Day 1

Title IX in a Post Reg World-Day 2

TIX-Hearings-Day 1 - Oregon Alliance

TIX-Hearings-Day 2-Oregon Alliance

TIX-Aug-Open Training Trauma Informed Investigations Training

TIX-Book T9 Coordinator-2 Day Client Class

General Administrative Policies