PCI Compliance Team

The university’s PCI Compliance Team supports UCI merchants who process payment card transactions using a UCI merchant ID on campus and at the medical center. The team coordinates the campus PCI Compliance Program and serves in an advisory role to UCI’s executive management.

The team includes representatives from Accounting & Fiscal Services, OIT Security, UCI Health, and UCI Merchant representative. Internal Audit serves on the team in an advisory role, as needed.

Meet The Team

Name Title Department
Carmela Rodriguez Associate Director, Financial Services DFA
Gabe Garcia Manager, IT Data Security UCI Health
Jason Valdry Director of Technology, Claire Trevor School of the Arts UCI Merchant
Josh Drummond* Chief Information Security Officer OIT
Lindsay Carroll* Manager, Payment Services & Compliance, PCI Business Lead DFA
Nick Troup* ISA, Payment Card Solutions DFA
Sandy Olson* Analyst, Payment Card Solutions DFA
Steffani Morales Manager, UCI Health Cashiering UCI Health

* Serve as primary contacts

The main goals of the team are to

  • Provide guidance and ensure PCI compliance is maintained and validated by UCI merchants.
  • Communicate with management and the UC’s Quality Security Assessor (QSA) on all PCI compliance matters.
  • Evaluate payment card systems for data security requirements and appropriate PCI contract language.
  • assist merchants in establishing and maintaining a safe environment for payment card processing, both physically and electronically.
  • Develop data security and payment card policies and procedures.
  • Implement an on-going security awareness education program for the campus and medical center.

Please contact the team with any questions you may have regarding PCI compliance and your payment card processing environment.

UC’s Qualified Security Assessor (QSA)

The University of California maintains a contract with Coalfire as its Qualified Security Assessor (QSA). Coalfire is a cybersecurity advisor that helps private and public sector organizations avert threats, close gaps, and effectively manage risk. They serve as consultants to the PCI Compliance Team when requested and provide guidance to merchants and departments to assess payment card environments that may be questionable or complex in scope.