Introduction
This Incident Response Plan defines what constitutes a security incident specific to the OUHSC cardholder data environment (CDE) and outlines the incident response phases.
For the purpose of this Plan, an incident is an event in which cardholder data in any format — physical or digital media (truncated card numbers are not card holder data) — has been or is believed to be lost, stolen, or accessed by an individual unauthorized to do so.
This Incident Response Plan is dependent upon the merchant and/or CDE Resource and Data Owners being compliant with the Payment Card Industry Data Security Standard (PCI DSS) and all applicable OUHSC IT Security policies.
This Incident Response Plan will be reviewed and tested annually by the PCI Governance Group to account for changes to\updates in the environment and\or industry trends.
