PCI compliance and institutional oversight for all University merchants is a joint effort managed by ISPO and Treasury Operations. University merchants whose needs cannot be met through an approved payment acceptance method must provide business justification for use of a third-party product and obtain approval via the Security Review Process before acquiring an alternative system. A security review must be completed using the Security Review Process.
