Current Version Approved: April, 2011
Primary Responsible Office: Assistant Vice President for Finance
Secondary Responsible Office: Assistant Vice President for Information Technology
This policy outlines the criteria for James Madison University to ensure all university E-Commerce applications have been approved, implemented and maintained in conformity with applicable federal and state laws and regulations and university policies.
The Board of Visitors has been authorized by the Commonwealth of Virginia to govern James Madison University. See Code of Virginia section 12-164.6;23-9.2:3. The board has delegated the authority to manage the university to the president.
Financial transactions involving the sale of merchandise or services by departments or student groups or the receipt of contributions to the university over the Internet.
E-Commerce Oversight Committee:
A group that is jointly appointed by the AVP for Technology and AVP for Finance and charged with establishing parameters for JMU E-Commerce applications.
This policy applies to all university E-Commerce. It applies to all employees and students engaged in such practices.
It is the policy of the university to initiate adequate controls when implementing and maintaining E-Commerce. These controls will ensure compliance with state cash management requirements and provide assurance that university and customer financial information is properly secured. No new or revised E-commerce activities shall be established without prior written approval by the AVP for Finance.
Sale of university merchandise or merchandise bearing the university name or logo on the Internet requires prior approval by the AVP for Business Services.
Fundraising in the name of the university, including collecting contributions on the Internet, requires prior approval by the Senior Vice President for University Advancement.
University departments and organizations shall prepare and submit an application for new or revised E-Commerce activities to the AVP for Finance. The department head or director is responsible for the submission of the E-Commerce activity application. The application is attached as appendix A. Until approval is received from the AVP for Finance, no procurements may be completed and no E-commerce activity may begin.
The assistant vice president for finance shall review and evaluate the application for all university e-commerce business activities in accordance with this policy and shall make final recommendation to the Senior Vice President for Administration and Finance as to authorization of requested e-commerce business activity.
This policy also places responsibility on department heads and directors to 1) operate within the parameters specified by the E-Commerce Oversight Committee, 2) require appropriate computer use as specified in JMU Policy 1207: Appropriate Use of Information Technology Resources and 3) require appropriate information security as specified in JMU Policy 1204: Information Security and the Payment Card Industry Data Security Standards (PCI DSS) as specified by the PCI Security Standards Council. Reference the current PCI Data Security Standard.
Sanctions will be commensurate with the severity and or frequency of the offense and may include termination of employment.
The assistant vice president of finance will terminate the e-commerce business activity if it does not comply with the requirements of this policy.
Authority to interpret this policy rests with the president and is generally delegated to the assistant vice president for finance.
Previous Version: January, 2010
Approved by the President: October, 2005