Please Feel Free to Contact IT Security at Or Call 271-2476 If You Have Any Questions Or

Name: _____________________________ Date: _____________________

Department: _______________________

Information Technology-Information Security Services is performing a risk analysis on credit card processing system within The University of Oklahoma Health Science Center. We would appreciate it if you could take a few minutes to complete the following questionnaire to aid us in this project.

Please feel free to contact IT Security at or call 271-2476 if you have any questions or concerns.

1. What do you process credit cards for? [Medical Payments, College Courses, Merchandise]

2. Do you use a computer or a credit card swiper to process credit cards?

a. If you use computers please list name of each computer used in the process.

b. If using a computer please list any software applications and vendors used and their role.

3. Do you accept payments over the phone, fax, or -email?

a. If accepting by phone do you write the numbers down on anything before keying it into the computer or terminal device? [Please give example]

b. What do you do with this medium (paper, notepad, etc) after the credit card has been processed?

4. Who all has access to the credit card information? [Please list names and Duty Title]

5. Do you have a training, education and awareness course that users complete prior to handling credit card data and annual refreshers?[Please explain]

6. Do you have anything specific you would like Information Technology to asses during this Risk Assessment?