This is the third part in a series on the path to PCI compliance. Previously, we covered scope and the 12 PCI-DSS requirements. In this part, we will discuss the Self-Assessment Questionnaire, or SAQ, and Attestation of Compliance. We’ll also review how to understand which version of the SAQ you need to fill out. The SAQ is a questionnaire for you to fill out based on your own assessment of how well you are abiding by the 12 PCI-DSS requirements. Your answers to the SAQ become your Attestation of Compliance, or AOC. The aim of the PCI-DSS SAQ and AOC (wow - lots of acronyms there) is to secure card data. In the case of a data breach, or a suspected data breach, in which you are allegedly the source of the breach, you will need to prove - with certainty - that you not only kept to the PCI-DSS requirements, but that you also had no lapses in control. Let’s start by explaining what you can't do when answering questions in the SAQ. You cannot answer 'no' to any question and pass. That is not possible*. For the most part, and generally with very few exceptions, for you to be in compliance you will answer 'yes' or 'n/a.' And with every 'n/a' you must have an acceptable explanation of non-applicability. The acquirer - First Data for NISC Members - decides what is acceptable and what is not. Also, they are the judge and jury for which SAQ you should fill out. There are several different SAQs, and exactly how the card data is captured and processed determines which SAQ you need to fill out. The SAQs vary from the SAQ A with 22-responses to [...]
The Path to PCI Compliance – The PCI Requirements Welcome back to the Path to PCI Compliance. In part one of this series we outlined the very high-level path for attaining and maintaining PCI compliance. With that in mind, let's take a quick run through exactly what the Payment Card Industry Data Security Standards (PCI-DSS) expect of you in order to be compliant. Scope. This is a word that gets included in nearly every conversation about PCI. If not, it should. What is Scope? Here is the official definition: The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data. “System components” include network devices, servers, computing devices, and applications. The PCI-DSS gets pretty technical, so let’s define this a bit further. One of the keys to this definition is "cardholder data environment" or CDE. The CDE is where a credit card number can be found. If it is stored on a server (Think scanned Vault images. Think tape and disc backups. Think call recordings), that server is in scope. If it travels unencrypted across a network segment, that network segment is in scope – including the fireware that controls network access. If a keyboard is used to key in a card number, that keyboard and computer are in scope. All of these in-scope components need to be protected. We protect said in-scope components by way of network segmentation, encryption and restricting access. One early objective of the PCI-DSS is to narrow the scope of the CDE as much as reasonably [...]
Though NISC has always aimed to have a small-company feel, it’s no doubt that we are growing, and our Membership is growing as well. Though each of our four offices are based in the midwestern United States, we represent Members in all 50, as well as American Samoa, Canada and Palau. It’s incredible to see how we’ve expanded to become a true international organization over the course of our 50-year history. Kaua’i Island Utility Cooperative (KIUC) has been an NISC Member for 15 years. Contrasted to the scenery surrounding NISC’s offices, KIUC is engulfed by palm trees and lush greens – an oasis among oasis’s. For Mailer Alfiler, manager of Member Services for KIUC, it’s a scene all too familiar as she was born and raised on the beautiful island of Kaua’i in Hawaii. Despite a five-hour time difference, Maile said receiving support and help from NISC has never been an issue for the co-op. “It’s been a really fluid process managing the time difference,” Maile said. “We certainly prioritize and decide what can wait until the next morning, and what needs to be done now. But the after-hours support at NISC has been readily available to us. In the beginning when we first went live, we were using the after-hours support a lot but now, not so much so.” Just before becoming an NISC Member in 2003, Kaua’i Electric, as KIUC was formerly known, went up for sale with much uncertainty as to what was ahead. “I’ve been working here for 29 years,” Maile said. “We used to be a for-profit owned by Citizens Utilities. Kaua’i Electric went up for sale with the intent for it to become purely a telecommunications company, divesting its [...]
Technology cooperative’s multi-industry solutions seamlessly integrate with Momentum to offer enhanced broadband services Lake Saint Louis, Mo., July 26, 2018 — National Information Solutions Cooperative (NISC), a leading provider of software and solutions to utility and telecommunication companies, announces a key partnership with Momentum Telecom as part of its overall multi-industry enterprise software solutions offerings. Momentum Telecom, a leading provider of cloud voice, BBX broadband management and support services, offers customizable cloud-based applications, including voice, video and collaboration tools, for direct customers and more than 500 nationwide white label and channel partners. With this collaboration, NISC’s software solutions will integrate seamlessly with Momentum’s cloud-based solutions, offering NISC Members enhanced broadband services and a one-stop-shop for billing, payment and service offerings. “Our partnerships are crucial to providing our Members superior service,” says David Bonnett, NISC vice president of Product Management. “NISC really stands out in the marketplace for a couple key reasons: First, we’re a cooperative; our customers are our Members. We exist to serve, and we work for people, not profit. Second, we serve multiple industries including utility, telecom, broadband and municipal services. And lastly, we offer enterprise-wide solutions, enabling advanced, integrated IT solutions for consumer and subscriber billing, accounting, engineering & operations, as well as many other leading-edge IT solutions.” While NISC will continue to support and integrate with other third-party cloud-voice platforms, the technology cooperative’s preferred relationship with Momentum allows full integration with Momentum’s suite of services. “The integrations, access to the most advanced technology and sharing of knowledge that will come from this partnership is going to truly empower operators to reach new heights and will be a vital key to success in today’s business landscape,” said Tara Kelley, Momentum senior vice president [...]
Hello and welcome to the first in a five-part series of blog posts on the topic of PCI-DSS. PCI-DSS is the shorthand for Payment Card Industry Data Security Standard, which is a set of standard security practices put in place to ensure that the acceptance of credit card payments, along with the processing, storage and transmission of credit card data, is done in a secure manner. This series of blogs is meant to help provide some insight on PCI and to help you navigate the path to PCI compliance.
The technology cooperative has added two Indiana-based utilities to its growing Membership. Lake Saint Louis, Mo., July 18, 2018 — National Information Solutions Cooperative (NISC), a leading provider of software solutions to utility and telecommunication companies, has long been a supporter of the Indiana Municipal Power Agency (IMPA). The IT cooperative continues to strengthen its presence in the region with the addition of Lebanon Utilities in Lebanon, Ind., and Lawrenceburg Municipal Utilities in Lawrenceburg, Ind. “IMPA serves as an energy partner to communities in Indiana and Ohio,” said Jasper Schneider, Vice President of Member & Industry for NISC. “We are excited to help serve this region by offering integrated software solutions that will not only benefit customers in Lebanon and Lawrenceburg but will also make their operations more streamlined and efficient.” Lebanon Utilities (LU) offers electric, sewer and water services to more than 8,800 customers in central Indiana. Additionally, the company manages and operates storm water and telecommunications facilities for the City of Lebanon. LU currently uses NISC’s automated bill printing services and is expanding their use of NISC solutions by implementing the fully integrated enterprise for billing, accounting and operations management. “We realized we needed a modern, robust, fully integrated platform to manage our business more efficiently,” said Sandra Morgan, CFO for LU. “NISC offers a suite of functionality that provides us a one-stop-shop for all our business process needs – including billing for all services, meter data management and an App for field service management. In addition, they offer award-winning support, so we know we will have a lasting, stable relationship.” Lawrenceburg Municipal Utilities (LMU) offers electric, water and waste water services to more than 3,400 businesses and residents in southeastern Indiana. LMU [...]
NISC works closely with the American Public Power Association (APPA) in effort to continually establish our branding, as well as to gain exposure in Growth Markets. Part of our efforts include providing Member featured articles for publication that are industry pertinent, relative to NISC solutions and services. “Bundling broadband with electricity: A Kentucky pioneer’s story” is currently being featured on Public Power Daily ENews for the months of May and June, reaching more than 2,000 APPA Members, with emphasis on TVA.
As NISC celebrates 50 years, we celebrate the people who built us – our Members and employees. In that same spirit, it is new minds, ideas and innovations that will usher us into the next 50 years. To commemorate our 50th, NISC’s employees invested in that future workforce through our “Giving 50@50” campaign, and today, we’re seeing the tangible ways those funds are changing lives. The Foundation for Rural Service (FRS) was one organization that received “Giving 50@50” funds. Dedicated to providing educational resources and enhancing the lives of rural Americans, FRS provides grants to rural communities and scholarships for rural youth, encouraging them to build up their communities. Oftentimes, receiving a scholarship can be the deciding factor in whether students are able to afford college. Earlier this month, FRS hosted another successful Youth Tour in Washington, D.C., where high school students from across rural America traveled to our national’s capitol to learn about rural telecommunications and to tell their community’s story. Students are chosen and sponsored by an NTCA member, and are often chosen for their work ethic and success in school. With the funds raised by NISC, FRS was able to honor students across the country for their commitment to leadership and service. FRS recognized five outstanding students with the NISC Leadership and Service Award and a $100 prize. These students were voted on by Youth Tour chaperones and were chosen for showcasing inclusion, kindness and service to others throughout the week. There were also 10 honorable mentions who received $25. “We can’t thank NISC enough for their support of FRS and our mission,” said FRS Executive Director Jessica Golden. “The Youth Tour is an incredible experience for these students, and we were [...]
Each spring, Arbor Day is observed annually to celebrate trees and encourage tree planting. Many communities around the world gather on this day to plant trees and take care of their parks. At the Arbor Day celebration in the new Co-op Park in Shawano, Wis., NISC was awarded the 2018 Commercial ‘Nature’s Friend Award’ by the Shawano Tree Advisory Board for its outstanding property. The facility features a well-manicured lot and an abundance of trees. The Mayor and City Forester of Shawano were pleased with NISC’s mindfulness of nature during the construction of this facility. “We look for outstanding properties, with trees that are taken care of,” said Tree Advisory Committee Chairman Bill Erdmann in explaining how the winners are chosen. NISC employees also appreciate the forest of trees that surround the property. “I especially appreciate the trees in our lot when I sit out on the back patio during lunch,” said NISC Lead Senior Technical Systems Specialist Rich Lemons. “They offer a sense of privacy and a nice escape from nearby traffic. I also enjoy the beautiful scenery and watching the animals, including birds, squirrels, and even an occasional muskrat.” The City of Shawano was given $160,000 by United Cooperative to create Co-op Park, and with the support and donations from other members in the community – like Belmark Inc. and the Shawano Rotary – the park will be undergoing many additions this summer, including a playground as well as a bike path that will connect the park to the adjacent Mountain Bay Trail. “It’s an example of how people in this community work together,” said Park and Recreation Director Matt Hendricks. Like the City of Shawano, NISC truly works together for sustainable development [...]
Enterprise, Broadband Solutions Becoming More Important to Utility Providers Across the Country Lake Saint Louis, Mo., May 21, 2018 — National Information Solutions Cooperative (NISC), a leading provider of software and solutions to utility and telecommunication companies, has long been a supporter of the Tennessee Valley Authority (TVA) and its members. The IT Cooperative continues to strengthen its presence in the region with the addition of City of Dayton Utilities in Dayton, Tenn., Decatur Utilities (DU) in Decatur, Ala., Murray Electric System (MES) in Murray, Ky. And Sequachee Valley Electric Co-op (SVEC) in South Pittsburg, Tenn. “TVA has been essential to the southeastern United States as an energy provider and partner in economic development,” said Jasper Schneider, Vice President of Member & Industry for NISC. “We’re excited to continue to be the technology partner to SVEC, MES and Decatur Utilities and help them utilize technology that’s critical to their systems and improving the quality of life of their service areas.” SVEC is a distribution cooperative serving more than 34,000 residences and businesses across 3,000 miles of line and 14 substations in southeastern Tennessee. SVEConnect, a subsidiary of SVEC, will provide Fiber to the Home service to the residents of Marion County, Tennessee. SVEConnect will leverage NISC’s experience in the broadband industry to utilize iVUE Connect Service with broadband functionality for their customer care, billing and accounting needs. “We are excited to work with NISC on our fiber deployment,” said Mike Partin, CEO of SVEC. “Having a partner who understands the broadband industry, in addition to the electric industry, is important to us as we begin this new venture. iVUE Connect will make our deployment more efficient for our employees and ultimately our members.” MES offers [...]