TO: Board of Supervisors
FROM: Ryan J. Alsop, Chief Executive Officer
REPORT BY: Andrew M. Mize, Legislative & Policy Analyst
SUBJECT: Policy Section 31A Addendum for Payment Card Information
RECOMMENDATION
title
Adopt a Resolution appending an addendum to the County of Napa Policy Manual, Section 31A, for Payment Card Information, and appointing the Treasurer-Tax Collector as the officer responsible for maintaining the security of payment card information received by the County. (No Fiscal Impact)
body
BACKGROUND
The County accepts payment card payments for, among other things, providing certain services. As a condition of accepting payment cards, the County must maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS), published by the Payment Card Industry Security Standards Council, which is enforced through our merchant and payment processing relationships.
PCI DSS requires the County to maintain written policies governing how personnel may use County technology and access payment card data and related systems, including a documented acceptable use policy for end-user technologies. This item adopts a Payment Card Information Addendum (Exhibit A), to the County's Information Technology Use & Security Policy to formalize current practices, set clear expectations for personnel, and support ongoing PCI compliance activities.
PCI DSS requires the designation of a Payment Card Information Compliance Officer to manage organizational compliance with the standards. Along with the Division of Information Technology Services, the Office of the Treasurer-Tax Collector is primarily responsible for the management of processing of electronic credit card payments. Accordingly, staff recommend the appointment of the Treasurer-Tax Collector to be the County's Payment Card Information Compliance Officer.
Recommended action:
1. Adopt a resolution that:
(a) Amends the County Policy Manual, Part I, Section 31A by appending a Payment Card Infor...
Click here for full text