PCI Compliance Project Charter
28 Sep 2006
Keep track of major revisions here – for example between reviews
Draft for discussion with wider group of stakeholders
Update: Added names and scope items.
Issued to Steering Committee for approval
Updated version for Approval
Draft Version 1.04 Approved
Charter - PCI Compliance Project Charter Version 1.0
Three sentences: What will be done for whom? How will we know it is completed? How will we
know it is a success?
1. All departments currently receiving and processing payments via credit cards across a
web interface will be provided a central server process and interfacing to assist in
managing those processes in a manner that meets the Payment Card Industry (PCI)
compliance requirements (Appendix One). As a result of this project the University will
have documented its compliance and be able to demonstrate this compliance to the
2. The current process will be modified to allow new merchant account holders to
commence processing credit card payments via a website in a compliant manner.
3. Other merchant Accounts that process credit card payments either in person or via
point-of-sale systems will modify their processes as necessary in order to meet PCI
4. The project will be completed and successful when all merchant account holders
providing credit card processing across are utilizing the McMaster payment processing
server and/or are compliant to the PCI requirements (and audited as such via a third-
What initiated the project?
PCI compliance requirements must be met by Universities by January 1st, 2010. The University