Community

Action Needed in Dec 2021 – Employee Identification for PCI Required Training Fiscal Year 2022

By Lucy

Information for Supervisors and HR Representatives with the Participant Liaison role — 

PCI Technical training for Fiscal Year 2022 is now available for employees who are required to complete the training. On 12/20/21, all required employees will be registered for the training and sent an email notification with access instructions, and a reminder that their upcoming annual due date is 1/31/2022. 

As a Supervisor with employees that may be subject to this requirement, you need to review and verify that your employees are correctly identified within the REPORTER system.  

Who is subject to the requirement? Staff who must undergo this training have involvement with systems that are in the Cardholder Data Environment or Connected Systems. This includes systems such as DNS, Active Directory, Splunk, as well as any servers with payment links, such as web servers, and physical and logical networks and firewalls that serve those systems. 

Using the instructions provided below, you need to log into the REPORTER system to see which of your employees are currently assigned and fully verify whether anyone should be added or removed. You are advised to complete this review by 12/20/21, after which users who are unassigned and haven’t completed the course will need to cancel their registration if they wish to remove the course from their REPORTER dashboard. 

  • Employees who were required to complete PCI Technical Training for Fiscal Year 2021 are still assigned and will require no action on the supervisor’s part. 
    • Supervisors will only need to assign new employees or employees with position changes that now require the training. 
    • Supervisors are advised to unassign employees from training when completing offboarding, but if a separated employee is still assigned, the supervisor should unassign them at this time.
  • Terms to know:
    • Assign – Formally identifying a user using REPORTER to indicate they are required to complete a specific course or course(s). 
    • Unassign – Using REPORTER to indicate a previously assigned user is no longer required to complete the training.
    • Due Date – The date by which required users need to complete the required training by. Date and completion will determine which compliance emails a user receives.
  • If needed, a static document with records last updated on 12-1-21 at 10am is available to see the status of employees’ PCI Technical assignment — again, this data is a snapshot and will not reflect the most recent records: PCI Data Snapshot for Identification
    • Tab 1: Active OIT Employees– Intended for use by Supervisors whose employees work under the division OUC ‘51’
    • Tab 2: Currently Assigned Users NOT Under ’51’ – Intended for use by Supervisors with employees who do not have a job under the division OUC ‘51’ (OIT)

— Instructions Start Here — 

To see up-to-date records of who is assigned to PCI Technical Training follow these steps:

1). Login at go.ncsu.edu/REPORTER

2). From the Home page, select the tab labeled “My Team”

3). Locate the panel on this tab labeled “Direct Reports”, and click the green button labeled “Refresh”

4). Once the page has reloaded, select the option at the top of the My Team tab labeled “Requirements”

5).A dropdown menu should open, from there select ‘Manage Requirements’, which will bring you a page listing compliance requirements that employees who report to you are assigned as required to complete. 

6). Click on the panel that shows the name of the training requirement, FIN – PCI Technical Security Awareness Training, it should expand a description of the requirement

* If needed, use the empty ‘Search’ field seen on the ‘Assignments by Requirement’ tab of the page to refine the list of requirements displayed (enter: ‘Technical’)

7). Under the description, locate and select the panel labeled “Assignees”.  You will be shown a list of people that report to you (directly or through a direct report) who have been identified as required to complete the training. 

⭐ Go to video demo of steps 1 – 7 ⭐

⭐ Additional Help Documentation: See Assigned Training  ⭐

8). Using the list and the following details, identify and update employees so that all those required have been identified, and that only those who are required are assigned.

» Should anyone be unassigned?
When seeing who is currently assigned, be sure to make note of anyone that is no longer required to complete the training. If Yes, an employee listed as assigned is not required to take the training, you will unassign them using REPORTER. 

⭐ How to Unassign ⭐

If anyone is no longer required to complete this training, select the ‘Unassign’ option from that person’s record — start from step 5 of “Managing Employees: Assign Training as Required”. Otherwise, if everyone who is assigned should remain assigned, do not unassign anyone.

» Have all required employees been assigned?
When reviewing who is currently assigned, you will need to confirm that all of your reporting employees that are required to take the training has been assigned the requirement. If Yes, an employee is not listed as assigned but is required to take the training,  you will assign them using REPORTER. Otherwise, if everyone who is required has been assigned, no additional action is needed. 

⭐ How to Assign ⭐

If anyone is missing from the list of ‘Assignees’ you need to use “Assign Others” to identify those employee — start from Step 5 of “Managing Employees: Removing a Training Requirement (Unassign).

Additional Relevant Resources