We are a bit behind in completing PCI Compliance. In working out the process we have a few questions as to how other organizations addressed this process. What department of your organization is responsible for the oversight/direction/guidance for PCI Compliance (Finance, IT, Administration, etc)? And is that department also responsible for costs incurred/associated with PCI Compliance? Does your organization have a separate PCI specific policy? Or are the policy components incorporated into other policies? Do you have a policy/policies you would be willing to share? Did your organization use a 3rd party vendor to assist with the PCI compliance process and certification? If so, what is the name of the company you used? I appreciate any information and guidance you can provide, as well as direction to any resources you have used that helped with this process. Thank you, Sheri ____________________________________ Sheri Cleveland Network Administrator City of Redmond P: 541.923.7766 F: 541.548.0706 DISCLOSURE NOTICE: Messages to and from this e-mail address may be subject to Oregon Public Records Law.