103.0 Policy Guidelines for Electronic Commerce

This policy sets forth guidelines for the use of electronic commerce. It applies to all financial transactions performed using an electronic medium that involve the use of Portland State University’s facilities, personnel, or other resources.

PORTLAND STATE UNIVERSITY RESPONSIBILITIES

The university Vice President for Finance and Administration or designee shall have oversight responsibility on their campus for institutional provisions set forth in this policy.

STANDARDS

Consistency and flexibility in electronic commerce business activities are important. The following standards should be followed:

  • PSU shall develop a privacy statement in accordance with the Federal Family Educational Rights and Privacy Act of 1974 (FFERPA). 
  • Accounting practices for electronic commerce transactions shall adhere to appropriate accounting standards as established by the Vice President for Finance and Administration or designee.
  • Financial information transmitted electronically shall be sent using an appropriate level of security. The security technologies used shall, at a minimum, be consistent with standards established by the Oregon State Treasury and meet or exceed common industry standards.
  • Credit card authentication shall be performed through a verification service approved by the Oregon State Treasury.
  • Sensitive data, including social security numbers, credit card numbers, passwords, and any other similar data whose compromise would have a material negative impact, shall be stored in a secure format unless otherwise approved by the institution's Vice President for Finance and Administration or designee.
  • All transactions shall be uniquely serialized and fully journaled to provide a conclusive audit trail.
  • All goods and services provided and received shall be routinely reconciled with the accounting records.
  • All applications shall comply with all current Board and pertinent State of Oregon public procurement statutes, rules, and regulations. Outsourced core applications shall meet the standards specified by the Vice for Finance and Administration or designee. Outsourced peripheral applications shall meet the standards specified by the institution's Vice President for Finance and Administration or designee.
  • In-house applications shall occur on limited-access systems rather than on general-purpose systems (which may be used for miscellaneous other purposes such as e-mail, web hosting, etc.).
  • All advertising connected with electronic commerce shall be approved in accordance with institutional policies.
  • Electronic commerce systems shall be fully and securely archived.
  • Any effort to divert electronic commerce revenues or compromise systems associated with electronic commerce activities shall be subject to prosecution under Oregon Revised Statutes pertaining to theft, alteration of public records, or other applicable laws.
  • PSU shall periodically review this policy for consistency.