
*******************
Question
*******************
Ken,
A quick inquiry on the last page of the Standard Form All in One Contracts: as far as the information for the ACH or credit card payment information listed on the last page, are there any compliance issues that need to be addressed as far as privacy? Do these have to be placed in a locked cabinet, etc.? I know there are requirements for the handling of this information and wondered if we have it listed on the contract instead of separate do we need to follow any "requirements" as far as storing them?
Thank you,
Peggy
******************
Answer
******************
    I asked Tom Aronica from SkyBank Financial to answer this one.  Here is his response:
***
Ken
    The "privacy" requirements Peggy is referencing are called the Payment Card Industry Data Security Standard (PCI-DSS).  Every business owner that processes a credit card or ACH transaction is required each year to validate with their processor their compliance with the DSS.  This can be an arduous process without guidance, as there are 12 requirements that need to be met and reading through them is not for the faint of heart.
    Part of the validation process is to complete a Self-Assessment Questionnaire (SAQ) based on how you process cards and store data.  There are different SAQs for different types of processes, and just figuring out the correct one to fill out can be cumbersome.
    All of the SAQs, except SAQ A, contain Section 3, which refers to protecting cardholder data.  What's important to keep in mind here is that these sections reference the ELECTRONIC storage of cardholder data, while it seems Peggy is asking more about paper storage.  I've attached a fact sheet which lists what can be stored and what cannot; however, they can also go to https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf and look at Page 18 - Implement Strong Access Control Measures, which is more about paper storage.

    The key components here to keep in mind are:
- Access to paper storage must only be granted on a "need to know" basis
- Physical access control entails the use of locks or restricted access to paper-based cardholder records
- Ensure that management approves any and all media moved from a secured area, especially when media is distributed to individuals

    At SkyBank Financial, we pride ourselves on having the highest compliance rate in the industry, and as such we can assist anyone in validating their compliance and developing the proper protocols to safeguard their clients' data.  For anyone wishing to have a PCI audit as well as learn about the additional features and benefits of processing with SkyBank, please have them submit a request online at https://www.skybankfinancial.com/kirschenbaum.php or they can call Jordi De Joseph, our VP of Strategic Partnerships, at 800-917-9980.

Best Regards,
Thomas J. Aronica, CPP, President / CEO
Miami Shores, FL 33138
D: 786-360-6391
O: 800-617-9980 x601
taronica@skybankfinancial.com
www.skybankfinancial.com
***************************
Follow-up on GPS tracking on company vehicles from August 16, 2014 article
***************************
Ken
    To solve the GPS problem cheaply we installed GPS apps on our company phones.  Not the best solution as some employees had problems with this because they would use the phones in off hours (we allow this as a perk). But, the app is free as is the locating service.  Our dispatcher can then at least see where the tech is and coordinate accordingly. 
    Like I said, not as good as the full-blown vehicle GPS systems, but it is free.
Leo
*********************
Ken
    We use SageQuest (now Fleetmatics I believe). It integrates with our software (SedonaOffice by Perennial Software). You can also have Garmin units in the vehicles that are powered by truck battery and connected to SageQuest units so you can message the Garmin directly and send stops to it. For reports you can run reports tied into the ticket information, early start, late start, speeding reports, and severe driving reports. You put your vehicle VIN in and if you tie it to a gas card you can have it alert you to someone putting more gas in than the vehicle has used or can fit (for people filling up family and friends with your company credit card). This can also alert you to poor gas usage on a vehicle that might be having mechanical issues. We pay $45 per month per vehicle. That included equipment and install.
    We use the GPS to keep track of when vehicle service is due as well. It sends a text message to the tech assigned to the vehicle as well as a report to management. 
Donnetta Byrd
*********************
Ken
    Regarding GPS tracking, we use UplinkGPS Tracking.  Installation is pretty simple, mostly just plug the device into the OBD2 port on your vehicle.  Cost is about $20 per unit per month.  Callup on demand, plus periodic automatic updates. Accuracy is very good, sometimes to the exact parking spot in the lot.  Website is also optimized for mobile viewing.  Highly recommended. 
Dan Zeloof
Security One, inc. 
****************************
