E-commerce Policy
1. Overview
The Internet is continuing to change the way business is conducted between CISO
INC. and its customers, as well as between the departments and CISO INC.'s
centralized business and computer services. CISO INC.'s customer services and
internal Financial and IT departmental support infrastructure are adapting to this changing
environment. The most common recent request is to accept credit card payments over
the Web. The following guidelines highlight the most critical issues in providing this
service, to ensure that business with trusted customers is conducted in the most secure,
confidential and reliable manner possible.
2. Purpose
The purpose of this policy is to outline the acceptable use of computer equipment at
CISO INC. (see Scope). This policy is in place to protect CISO INC. and its employees
and business partners. Inappropriate use of information resources exposes CISO INC.
to risks including virus attacks, compromise of network systems and services, legal
issues and much more.
3. Scope
This policy applies to employees, contractors, consultants, temporaries, and other
workers at CISO INC., including all personnel affiliated with third parties or divisions of
the company. This policy applies to all equipment that is owned or leased by CISO INC.
4. Policy
Background Issues: Requirements
All eCommerce Web designs must either be wholly hosted by CISO INC. resources, or
wholly hosted (including the banking relationship) outside of CISO INC. through a
contractual relationship with a separate corporation. It is not permissible to use CISO
INC. banking resources with an application hosted outside Northwestern CISO INC.'s
network.
The business administrator must review the business case and technical requirements
to assess the budget and administrative impact due to eCommerce activities. The
associated startup and recurring costs include, but are not limited to, fees for credit card
transactions, hosting services or equipment costs, HTML and database application
development and maintenance, 24/7 customer support cost increases, the resources to
implement and maintain merchant equipment, and the accounting support to do
reconciliation.
Centrally managed revenues are the responsibility of special central administrative units.
CISO INC. Relations reserves the right to review Web content at any time.
JUNE, 2009
Generally, only authorized cash collection units may request to become a charge card
Web merchant.
Departmental Web Development and Hosting
All development, maintenance and support of the Web application are the responsibility
of the department. For departments that choose to host their Web application on their
5. Enforcement
Failure to follow these standards may be considered a violation of CISO Information
Technology Policies, which are incorporated by reference. For systems that store,
process, or transmit E-PHI, failure to follow these standards may be a violation of CISO
HIPAA Security Policies, which are incorporated by reference. Violations may result in
loss of access to some or all of CISO IT Resources and/or loss of access privileges to IT
Resources. In addition, violators of these Policies may be subject to criminal and/or civil
penalties and to disciplinary action, up to and including termination.
6. Distribution
This security policy is to be distributed to all employees. This policy is available for public
distribution.