TO: Board of Supervisors
FROM: Ryan J. Alsop, Chief Executive Officer
REPORT BY: Andrew M. Mize, Legislative & Policy Analyst
SUBJECT: Adoption of Policy Related to Payment Card Industry Standards & Procedures
RECOMMENDATION
title
Adopt a Resolution creating Section 31F within the County of Napa Policy Manual, for Payment Card Industry information governance, and appointing the Treasurer-Tax Collector as the officer responsible for maintaining the security of payment card industry information received by the County. (No Fiscal Impact; Discretionary)
body
BACKGROUND
The County accepts payment card payments for, among other things, providing certain services. As a condition of accepting payment cards, the County must maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), published by the Payment Card Industry Security Standards Council, which is enforced through our merchant and payment processing relationships.
PCI DSS requires the County to maintain written policies governing how personnel may use County technology and access payment card data and related systems, including a documented acceptable use policy for end-user technologies. This item adopts a Payment Card Industry Governance Policy (Exhibit A) to formalize current practices, set clear expectations for personnel, and support ongoing PCI compliance activities.
PCI DSS requires the designation of a Payment Card Information Compliance Officer to manage organizational compliance with the standards. Along with the Division of Information Technology Services, the Office of the Treasurer-Tax Collector is primarily responsible for the management of processing of electronic credit card payments. Accordingly, staff recommend the appointment of the Treasurer-Tax Collector to be the County's Payment Card Information Compliance Officer.
Recommended action:
1. Adopt a resolution that:
(a) Amends the County Policy Manual, Part I, by adding a new Section 31F, Payment Card Industry...
Click here for full text