This is the third part in a series on the path to PCI compliance. Previously, we covered scope and the 12 PCI-DSS requirements. In this part, we will discuss the Self-Assessment Questionnaire, or SAQ, and Attestation of Compliance. We’ll also review how to understand which version of the SAQ you need to fill out. The SAQ is a questionnaire for you to fill out based on your own assessment of how well you are abiding by the 12 PCI-DSS requirements. Your answers to the SAQ become your Attestation of Compliance, or AOC. The aim of the PCI-DSS SAQ and AOC (wow - lots of acronyms there) is to secure card data. In the case of a data breach, or a suspected data breach, in which you are allegedly the source of the breach, you will need to prove - with certainty - that you not only kept to the PCI-DSS requirements, but that you also had no lapses in control. Let’s start by explaining what you can't do when answering questions in the SAQ. You cannot answer 'no' to any question and pass. That is not possible*. For the most part, and generally with very few exceptions, for you to be in compliance you will answer 'yes' or 'n/a.' And with every 'n/a' you must have an acceptable explanation of non-applicability. The acquirer - First Data for NISC Members - decides what is acceptable and what is not. Also, they are the judge and jury for which SAQ you should fill out. There are several different SAQs, and exactly how the card data is captured and processed determines which SAQ you need to fill out. The SAQs vary from the SAQ A with 22 responses to [...]
The Path to PCI Compliance – The PCI Requirements Welcome back to the Path to PCI Compliance. In part one of this series we outlined the very high-level path for attaining and maintaining PCI compliance. With that in mind, let's take a quick run through exactly what the Payment Card Industry Data Security Standards (PCI-DSS) expect of you in order to be compliant. Scope. This is a word that gets included in nearly every conversation about PCI. If not, it should. What is Scope? Here is the official definition: The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data. “System components” include network devices, servers, computing devices, and applications. The PCI-DSS gets pretty technical, so let’s define this a bit further. One of the keys to this definition is "cardholder data environment" or CDE. The CDE is where a credit card number can be found. If it is stored on a server (Think scanned Vault images. Think tape and disc backups. Think call recordings), that server is in scope. If it travels unencrypted across a network segment, that network segment is in scope – including the firewall that controls network access. If a keyboard is used to key in a card number, that keyboard and computer are in scope. All of these in-scope components need to be protected. We protect said in-scope components by way of network segmentation, encryption and restricting access. One early objective of the PCI-DSS is to narrow the scope of the CDE as much as reasonably [...]
Though NISC has always aimed to have a small-company feel, there’s no doubt that we are growing, and our Membership is growing as well. Though each of our four offices is based in the midwestern United States, we represent Members in all 50 states, as well as American Samoa, Canada and Palau. It’s incredible to see how we’ve expanded to become a true international organization over the course of our 50-year history. Kaua’i Island Utility Cooperative (KIUC) has been an NISC Member for 15 years. In contrast to the scenery surrounding NISC’s offices, KIUC is engulfed by palm trees and lush greens – an oasis among oases. For Maile Alfiler, manager of Member Services for KIUC, it’s a scene all too familiar as she was born and raised on the beautiful island of Kaua’i in Hawaii. Despite a five-hour time difference, Maile said receiving support and help from NISC has never been an issue for the co-op. “It’s been a really fluid process managing the time difference,” Maile said. “We certainly prioritize and decide what can wait until the next morning, and what needs to be done now. But the after-hours support at NISC has been readily available to us. In the beginning when we first went live, we were using the after-hours support a lot but now, not so much so.” Just before becoming an NISC Member in 2003, Kaua’i Electric, as KIUC was formerly known, went up for sale with much uncertainty as to what was ahead. “I’ve been working here for 29 years,” Maile said. “We used to be a for-profit owned by Citizens Utilities. Kaua’i Electric went up for sale with the intent for it to become purely a telecommunications company, divesting its [...]
Hello and welcome to the first in a five-part series of blog posts on the topic of PCI-DSS. PCI-DSS is the shorthand for Payment Card Industry Data Security Standard, which is a set of standard security practices put in place to ensure that the acceptance of credit card payments, along with the processing, storage and transmission of credit card data, is done in a secure manner. This series of blogs is meant to help provide some insight on PCI and to help you navigate the path to PCI compliance.
As NISC celebrates 50 years, we celebrate the people who built us – our Members and employees. In that same spirit, it is new minds, ideas and innovations that will usher us into the next 50 years. To commemorate our 50th, NISC’s employees invested in that future workforce through our “Giving 50@50” campaign, and today, we’re seeing the tangible ways those funds are changing lives. The Foundation for Rural Service (FRS) was one organization that received “Giving 50@50” funds. Dedicated to providing educational resources and enhancing the lives of rural Americans, FRS provides grants to rural communities and scholarships for rural youth, encouraging them to build up their communities. Oftentimes, receiving a scholarship can be the deciding factor in whether students are able to afford college. Earlier this month, FRS hosted another successful Youth Tour in Washington, D.C., where high school students from across rural America traveled to our nation’s capital to learn about rural telecommunications and to tell their community’s story. Students are chosen and sponsored by an NTCA member, and are often chosen for their work ethic and success in school. With the funds raised by NISC, FRS was able to honor students across the country for their commitment to leadership and service. FRS recognized five outstanding students with the NISC Leadership and Service Award and a $100 prize. These students were voted on by Youth Tour chaperones and were chosen for showcasing inclusion, kindness and service to others throughout the week. There were also 10 honorable mentions who received $25. “We can’t thank NISC enough for their support of FRS and our mission,” said FRS Executive Director Jessica Golden. “The Youth Tour is an incredible experience for these students, and we were [...]
Each spring, Arbor Day is observed to celebrate trees and encourage tree planting. Many communities around the world gather on this day to plant trees and take care of their parks. At the Arbor Day celebration in the new Co-op Park in Shawano, Wis., NISC was awarded the 2018 Commercial ‘Nature’s Friend Award’ by the Shawano Tree Advisory Board for its outstanding property. The facility features a well-manicured lot and an abundance of trees. The Mayor and City Forester of Shawano were pleased with NISC’s mindfulness of nature during the construction of this facility. “We look for outstanding properties, with trees that are taken care of,” said Tree Advisory Committee Chairman Bill Erdmann in explaining how the winners are chosen. NISC employees also appreciate the forest of trees that surround the property. “I especially appreciate the trees in our lot when I sit out on the back patio during lunch,” said NISC Lead Senior Technical Systems Specialist Rich Lemons. “They offer a sense of privacy and a nice escape from nearby traffic. I also enjoy the beautiful scenery and watching the animals, including birds, squirrels, and even an occasional muskrat.” The City of Shawano was given $160,000 by United Cooperative to create Co-op Park, and with the support and donations from other members in the community – like Belmark Inc. and the Shawano Rotary – the park will be undergoing many additions this summer, including a playground as well as a bike path that will connect the park to the adjacent Mountain Bay Trail. “It’s an example of how people in this community work together,” said Park and Recreation Director Matt Hendricks. Like the City of Shawano, NISC truly works together for sustainable development [...]
You don't use a slide rule anymore. Why would you only look at your distribution system using monthly usage data? With NISC Operations Analytics (OA), learn how to leverage interval readings to better manage your distribution system.
Utility broadband is an important topic in the industry, and questions surrounding the rollout and adoption, among other aspects of the technology, are at the forefront of many minds in the utility industry. Maybe none more so than the Boards of Directors at utility cooperatives across the country.
Technology and data are touching all aspects of today’s utility. More than ever, engineering professionals are turning to data to make informed decisions that have significant implications for their systems. NISC is excited to launch NISC Operations Analytics (OA), an integrated platform designed for engineers and system operators of electric systems, to help aggregate and analyze data like never before. OA harnesses the granularity of time-series data, enabling users to look beyond peak system analysis to better grasp real system performance. Working in tandem with EDD’s Distributed Engineering Workstation (DEW), NISC’s OA allows users to pool together large quantities of real data in order to make better-informed estimations and energy consumption predictions. Before deploying OA, NISC Member Verendrye Electric Cooperative was using seasonal models to make its estimations. This process often led to transformer loading and line loss issues and inaccurate equipment sizing. Check out the video to learn more about how OA has helped Verendrye provide better service to members, increase cost savings in their operations and better manage their electrical grid. You can also [click here] to read Verendrye’s NISC Operations Analytics Case Study. With the launch of NISC OA, NISC’s platform of engineering and operations solutions continues to grow. “We strive to come up with innovative solutions to make operational tasks more efficient,” says Todd Eisenhauer, NISC vice president of Strategy and Operations Solutions. “Just recently, NISC celebrated 350 live sites for MapWise, 300 live sites for our Outage Management System (OMS) and 500 live sites for AppSuite. We are extremely grateful for this success, and we look forward to continuing to expand our E&O offerings.” To learn more about NISC Operations Analytics, visit nisc.coop/operations-analytics.
While there is a lot that happens at NISC’s annual Member Information Conference (MIC) each year, the heart of the conference is really one thing: solutions. Whether it’s learning about the latest NISC innovations from NISC staff or hearing from NISC Members on how they solve problems and meet challenges, solutions are at the center of the three-day event. How do you use NISC software to solve problems in your office? What challenges are facing your organization, or your industry, that require a unique solution? Share your solutions at the 2018 MIC by submitting a presentation topic today. Collaboration is a big part of NISC, and the MIC is a great place for idea sharing and helping fellow NISC Members. Your stories help your colleagues get the most out of NISC solutions. They also help NISC understand the benefits of each solution and give us ideas on how we can improve them. If your presentation is accepted, you’ll receive $250 off your registration fee and a small gift. Also, every presenter has a chance to take home a MIC Member Experience Award! For the fourth-straight year, MIC Member Experience Awards will be presented on Day Three to the highest-rated Member sessions as selected by attendees through the MIC app. Winners will receive a customized award with the presenter’s name and session and a special prize. Ideas will be accepted until April 9, so submit your presentation for the 2018 MIC today and #ShareYourSolutions! MIC 2018 | September 11-13 | St. Louis, Mo. Click here to submit your idea!