Get documents about "Master Services Agreement Hosting
W
Description
Master Services Agreement Hosting document sample
Document Sample
Revised May 2007
Project Plan for Implementing
Common Payment Service
For Either
Merchant Cards
Or
Electronic Funds Transfer (ACH)
Instructions
This project plan identifies the tasks necessary to implement Common Payment Service (CPS) as part of your organization's business
solution. A separate plan is available on the SECP Website for those entities that do not utilize CPS for either ACH or Merchant Cards
Processing.
There is a project plan for implementing "Merchant Cards" as well as "ACH Implementation." (See each tab below.) Each plan is formated
such that your organization's tasks and deliverables are identified in columns C, D and E. Those tasks and deliverables for which OSC and
ITS are responsible are identified in columns F, G and H.
Prior to completion, information on OSC's Website should be reviewed. http://www.ncosc.net/SECP/EPP_Index.html
The plan is also outlined in Power Point Presentations found on OSC's SECP Website.
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
OSC provides updated Website information
1 Idenfify EFT Project OSC
and answers any questions asked.
1.1 Review information on OSC's SECP Website Review presentations, policies, agreements, and forms
Identify Outbound or Inbound payments, authority, and if
1.2 Idenfity potential payment applications
mandatory or voluntary participation
Identify system for payee/payor database for associated
1.3 Determine systems for database maintenance
bank account information
1.4 Determine method of ACH file transmission Identify method of creating and submitting files.
Identify work to be performed, resources needed,
1.5 Develop internal statement of work Statement of Work
security measures, timeframes, etc.
Request Pre-Project meetings for discussions. Topics
OSC
1.5a Obtain assistance from OSC and/or CPS include security requirements; source of application OSC & ITS meets with Agency
ITS
servers; involvement of ITS.
Cost-benfit analysis Includes costs of development and
1.6 Assess feasibility of implementation Cost-benefit analysis
ongoing operation maintaince.
1.7 Obtain management approval for project Consider cost-benefit analysis, staffing, and funding Project Plan
Enroll with ITS Project Portfolio Management (PPM), if
1.8 Obtain ITS Project Management Office approval
applicable
1.9 Determine if convenience fee will be levied. Consider OSC policy and obtain approval from OSBM
Other
2 Execute Enrollment Forms OSC provides all forms on Website OSC
2.1 Master Services Agreement (MSA) Review MSA. Legal should review agreement
2.2 Agency Participation Agreement (APA) Execute APA. Legal should review agrrement APA OSC approves or disapproves participation OSC
2.3 EFT Participant Setup Form Execute Participate Setup Form - by Chief Fiscal Officer Setup Form OSC processes form with DST & Wachovia OSC
OSC adds the contact to the SECP Email
OSC
Contact List
3 OSC Acts on Enrollment Forms
OSC processes agreements with DST and
3.1 Agency Participation Agreement (APA) OSC
Wachovia, & distributes
3.2 EFT Participant Setup Form OSC processes form with DST and Wachovia OSC
If OSC is Admin for Wachovia Connection,
agency users are set up, and users are notified OSC
of their UserID and initial password.
4 DST Acts on Enrollment Forms
4.1 Agency Participation Agreement (APA) DST executes APA DST
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
DST authorizes Wachovia to establish
4.2 EFT Participant Setup Form DST
settlement and Returns account
DST determines if it will pay fees for bank
DST
account
If inbound transactions, establishes CIT
account on CB$ and maps the ZBA account
DST
number when received from Wachovia, if State
agency
If outbound transactions, establishes Electronic
CB$ Request For Electronic Warrant template on CB$, and sets up
4.3 CB$ Electronic Warrant Template Form DST
Warrant Form corresponding repetitive wire instructions on
Wachovia Connection, if State agency.
5 Wachovia Acts on Enrollment Forms
5.1 Agency Participation Agreement (APA) Wachovia executes APA and returns to OSC Wach
Wachovia sets up transmission link with either
5.2 EFT Participant Setup Form Wach
CPS or participant
Wachovia sets up settlement bank account,
and Returns account if inbound, and advises Wach
DST and OSC of account numbers
Wachovia links account to Wachovia
Wach
Connection Administrator
Wachovia sets up invoicing Wach
Wachovia sets up statement rendering Wach
6 Establish processing environment with CPS
1. Agency must complete a Security Risk
Submit SRA and Diagram by email to
Assessment (SRA) questionnaire obtained from
osc.secp.info@ncosc.net
OSC SECP Website.
Security Risk Assement Form a) OSC forwards SRA and Network Diagram
6.1 2. Agency must submit a detailed Network OSC
Security Risk Assessment may be separately required by Network Diagram to ITS Security Office
Diagram to OSC for review by ITS Information
PPM. Obtain assistance from ITS Information Security
Security Office.
Office if necessary.
b) CPS Team reviews, provides feedback, and
CPS
discusses with Agency Project Manager (APM)
Team
to resolve outstanding issues.
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
c) APM submits revised Security Risk
Assessment for signature and approval by Agency
OSC and ITS.
Submit by email to CPSTechSupport@lists.ncmail.net to
obtain access to the Technical Implementation section of
a) Store the project CPS Set-up Form in the
the CPS Agency Guide, and agree on an implementation CPS
6.2 Submit CPS Set-up Form - Group 1 Data CPS Set-up Form - Group 1 Data project folder under the P-drive Agency
schedule. Submit this as early as possible - AT LEAST 1 Team
Activation tracking folder
MONTH prior to the agency's design phase. The form is
available from the SECP website under CPS Enrollment.
b) Open an iWise Ticket to track this project
(Detail="merchant activation support", CPS
Description="agency/project name - ACH Team
activation project")
c) Send CPS Technical Implementation access
CPS
information to either the PM (if State employee)
Team
or to the MIS Manager
d) Assess and discuss with Telecomms and
Computing Services:
- business volumes and cycles
CPS
- project timing requirements
Team
- access or hosting issues
Set up a meeting with the agency project if
needed to facilitate discussion.
e) Ensure all are in agreement about timelines,
CPS
testing schedules, and roll-out approach.
Team
Access issues must be resolved at this time.
The CPS Technical Implementation documents include
the sample interface code, class libraries, best practices
and program processing descriptions. These are CPS provide UserID and Password to CPS
6.3 Review CPS Technical Implementation documents
sensitive information and given only to projects confirmed Technical Implementation contact. Team
by OSC (by the assignment of a Merchant Name or
Company Name).
Define application's payment processing requirements,
6.4 Develop the CPS interface establish testing environment, and develop the interface
to CPS
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
This is to be done with the agency's business operations.
6.5 Establish fulfillment process and logistics
Consult NACHA Rules for payment handling regulations
Develop Test Plan and Application specific Test Develop a test plan and test script incorporating the
6.6 Test Plan, Test Script
Script various transactions that will be performed.
A bill code is used by the ITS billing system to generate
the monthly invoice to the agency for the CPS Usage
Establish payment arrangement with ITS for
6.7 Fee. Agency must decide who will bear this operational Bill Code Request Form ITS sets up bill code ITS
services acquired
cost (IT, business unit, or fiscal). Request for a bill code
may be made by contacting the ITS Service Desk.
Submit this as early as possible - NO LESS THAN 2 ACH Only
weeks before testing the CPS Interface - BY EMAIL to a) Set-up the project in the
CPSTechSupport@lists.ncmail.net to provide test Test Environment using test environment
CPS
6.8 Submit CPS Set-up Form - Group 2 Data environment set-up information and confirm testing time CPS Set-up Form - Group 2 Data information provided on the form. Carry out
Team
in the CPS test environment. Use the same form test environment access as agreed in 6.2).
submitted in Step 6.2. Attach a copy of the Test Plan and CPS Team to coordinate tasks with TS/CS as
Test Script developed in Step 6.6. needed.
ACH Only
b) Provide the following to the
agency project:
- any issues detected from the Test Plan and
CPS
Script
Team
- test application username
- test password
- test Virtual Pay Reporting account (if desired
by customer)
c) Review the production environment
CPS
information provided by the project on the form
Team
and resolve implementation issues detected.
Submit test results to CPS support. Testing is
supported by the CPS team during normal business Support project testing of the interface as CPS
6.9 Perform CPS interface testing Test Script with test results
hours. Make arrangements well in advance if the project needed. Team
needs support beyond the normal hours.
6b Perform Testing & Acceptance Tasks
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
a) OSC acts on the Acceptance Checklist:
- Forwards the checklist to the CPS Team and
Develop an Acceptance Checklist, incorporating Do this AT LEAST 2 WEEKS BEFORE the planned obtain feedback on CPS requirements
6b.1 tasks performed and to be performed, per this migration to production. Attach supporting documents Acceptance Checklist - Reviews the checklist and supporting OSC
project plan. and submit BY EMAIL to osc.secp.info@ncosc.net documents
- Advises the agency with comments if there
are issues that require resolution
b) If there are no issues identified by OSC or
OSC
ITS, advise the agency.
Settlement Bank Account OSC provides numbers obtained from
6b.2 Obtain approval and Production set-up numbers OSC
Numbers Wachovia
Brief the agency's IT support, business support, and
fiscal support about the proper communication protocol
when the application becomes operational. IT and
business POINTS-OF-CONTACT have to be identified.
Identify the agency personnel who may report problems
and issues to ITS and who will be in ITS's notification list
if there are problems, changes, or issues on the
6b.3 Conduct briefing on Contact information
Common Payment Service. All CPS-related problems,
issues and requests must be coursed through the ITS
Service Desk. Review website Contact Information page
for details.
Business-related issues and Wachovia Connection
issues must be concucted through OSC. Review OSC's
SECP Website "Contact Us" page for details.
a) Using information from the Group 2 and
AT LEAST 1 WEEK before production migration and BY
Group 3 set-up data, define the agency store CPS
6b.4 Submit CPS Set-up Form - Group 3 Data EMAIL to CPSTechSupport@lists.ncmail.net to request CPS Set-up Form - Group 3 Data
or profile in the respective CPS Production Team
agency activation in the CPS Production environment
Environment.
b) Schedule customer access to Virtual Pay
CPS
Reporting and orientation with the agency
Team
users specified on the Set-up Form.
c) Obtain firewall policy change approval by
opening an iWise ticket for TS requesting a CPS
firewall policy update for Team
- the agency production application servers
CPS
d) Add the agency's Bill Code to the CPS table
Team
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
e) Update the
CPS
CPSClientAgencies@lists.ncmail.net list serve
Team
with agency information provided.
f) Update the CPS Agency Database with
CPS
Settlement and Maintenance windows, and
Team
other set-up information
Coordinate migration activities and schedule with OSC
6b.5 Migrate agency application into production
and the CPS team.
Agency may determine to send a Prenote (Zero Dollar)
transaction through the ACH network. If the agency
6b.6 Perform Prenotification Transaction (optional)
elects to send the Prenote, there must be a six banking
day lag before a live transaction can be initiated.
Testers should be State employees or contractors whose
6b.7 Recruit production verification testers
use of the live application can be directed and monitored.
This process takes from 1 - 2 weeks. Production
Verification means the agency application is live and will
accept and process LIMITED live transactions from pre-
identified State employees. The purpose is to determine
if the agency's application has been set-up correctly:
CPS
6b.8 Perform "production verification" funds are either remitted are received by the a) Monitor the production transactions.
Team
payees/payors on the date anticipated, and the
settlement bank account (and Returns account if
applicable) can be viewed through Wachovia Connection.
Any incorrect set-ups have to be corrected before
making the online service open to the public.
CPS
b) Monitor the batch settlement process.
Team
c) Guide agency in their initial review of the
OSC
Wachovia Connection reports.
Report findings to OSC. OSC will work with Wachovia Make any necessary changes in account
6b.9 Resolve agency set-up issues detected OSC
Bank for any account set-up issues. mapping on Wachovia Connection.
Review results to ensure there are no agency
6b.10 Submit "production verification" final results Advise OSC and CPS of test results OSC
set-up issues remaining.
a) Brief agency points of contact on the use of
Issue public announcement / availability of service CPS
6b.11 ITS Service Desk support from this point
if needed Team
onward.
b) Close the iWise ticket for this CPS activation CPS
project. Team
Workplan Template
For Applications using the Common Payment Service (CPS)
Merchant Card
Name of Agency: Revised 5/30/2007
Implementation Plan w/ CPS
Website link for Presentation: http://www.ncosc.net/SECP/SECP_MerchantCard_Enrollment.html OSC Support Center Contact Info: 919.875.4357
ITS Service Desk Contact Info: 800.722.3946
AGENCY ACTIVITIES & TASKS OSC and ITS ACTIVITIES & TASKS
CORRESPONDING TASKS Date
Step AGENCY ACTIVITIES & TASKS TASK DESCRIPTION Agency/Project Deliverables By
(OSC & ITS Use Only) Completed
OSC provides updated Website information
1 Idenfify Merchant Card Project OSC
and answers any questions asked.
Review presentations, policies, agreements, and forms,
1.1 Review information on OSC's SECP Website
including PCI Security Standards information
1.2 Idenfity potential payment applications Identify "card-present" and "card not-present" situations
Consider POS Terminals, POS Electronic software, Web-
1.3 Determine capture methods to be used based applications, CPS Virtural Credit Card Termial
(VCCT), Gateway (CPS or third-party)
Identify method of transmitting authorizations and batch
1.4 Determine method of transmission
transactions.
Identify work to be performed, resources needed,
1.5 Develop internal statement of work Statement of Work
security measures, timeframes, etc.
Request Pre-Project meetings for discussions. Topics
include security requirements; source of application OSC
1.5a Obtain assistance from OSC and/or CPS OSC & ITS meets with Agency
servers; involvement of ITS. Determine ability to compy ITS
with PCI Security Standards.
Cost-benfit analysis Includes costs of development and
1.6 Assess feasibility of implementation Cost-benefit analysis
ongoing operation maintaince.
1.7 Obtain management approval for project Consider cost-benefit analysis, staffing, and funding Project Plan
Enroll with ITS Project Portfolio Management (PPM), if
1.8 Obtain ITS Project Management Office approval
applicable
1.9 Determine if convenience fee will be levied. Consider OSC policy and obtain approval from OSBM
Other
2 Execute Enrollment Forms OSC provides all forms on Website OSC
Review MSA. Legal should review agreement. Consider
2.1 Master Services Agreement (MSA)
the potential fines and other liabilites.
2.2 Agency Participation Agreement (APA) Execute APA. Legal should review agrrement. APA OSC approves or disapproves participation OSC
2.3 Merchant Card Participant Setup Form Execute Participate Setup Form - by Chief Fiscal Officer
Execute Outlet Setup Form for each outlet or line of
2.4 Merchant Card Outlet Setup Form APA
business (merchant number) needed - by Fiscal Officer
Prepare form designating users who will need access to
2.5 MyMerchant View Setup Form MyMverchant View online reporting with STMS - by Fiscal
Officer
Other forms, as referenced on OSC SECP Website may
be needed (Wachovia Connection, POS Terminal Order,
2.6 Other applicable forms Setup Form
PCI Security Self-Assessment Certification) - by Fiscal
Officer
3 OSC Acts on Enrollment Forms
3cd7484c-b5c0-464c-9b26-da629b7079df.xls Page 8
Workplan Template
For Applications using the Common Payment Service (CPS)
OSC processes agreements with DST and
3.1 Agency Participation Agreement (APA) OSC
STMS, & distributes
OSC processes form with DST, STMS, &
3.2 EFT Participant Setup Form OSC
Wachovia
OSC updates the participant info in the Heat
OSC
database, and email contact list
OSC processes form with STMS, and updates
3.3 Merchant Card Outlet Setup Form OSC
the Heat database with the Merchant info
OSC processes from with STMS, setting up
users and obtaining UserIDs and initial
3.4 My Merchant View Setup Form OSC
passwords. Users are notified directly of their
UserIDs and initial passwords.
If POS terminals are needed, OSC orders the
3.5 Other Applicable Forms terminals from STMS, with delivery being OSC
made directly to agency
If OSC is Admin for Wachovia Connection,
agency users are set up, and users are
OSC
notified directly of their UserID and initial
password.
Determination is made as to whether
3.6 PCI Security Certification application is to be enrolled with OSC
AmbironTrustWave
4 DST Acts on Enrollment Forms
4.1 Agency Participation Agreement (APA) DST executes APA DST
DST authorizes Wachovia to establish
4.2 Merchant Card Participant Setup Form DST
settlement account for agency
DST establishes CIT account on CB$, and
maps the ZBA account number when DST
received from Wachovia, if State agency
5 STMS Acts on Enrollment Forms
STMS executes APA and returns to OSC.
5.1 Agency Participation Agreement (APA) Non-State agencies may be subject to a credit STMS
check
STMS sets up profile for agency, assigning a
5.2 Merchant Card Participant Setup Form Chain Number tor the agency Merchant STMS
Name, and advises OSC
STMS assigns a merchant number to each
5.3 Merchant Card Outlet Setup Form outlet, mapping them to the agency's chain STMS
number. Also sets up invoicing.
STMS sets up users and provides UserIDs
5.4 MyMerchant View Setup Form and initial passwords to OSC, which then STMS
notifies each user separately, normally by Fax.
If terminals are ordered, STMS ships terminals
5.5 POS Teminal Order Form STMS
directly to agency
6 Establish processing environment with CPS
3cd7484c-b5c0-464c-9b26-da629b7079df.xls Page 9
Workplan Template
For Applications using the Common Payment Service (CPS)
1. Agency must complete a Security Risk
Assessment (SRA) questionnaire obtained from
OSC SECP Website. Submit SRA and Diagram by email to
2. In conjuction with the SRA, the osc.secp.info@ncosc.net
agency must also complete the PCI Security Self- PCI Security Questionnaire a) OSC forwards SRA and Network Diagram
6.1 OSC
Assessment Questionnaire. Security Risk Assessment may be separately required by Network Diagram to ITS
3. Agency must submit a detailed Network PPM. Obtain assistance from ITS Information Security
Diagram to OSC for review by ITS Information Office if necessary.
Security Office.
b) CPS Team reviews, provides feedback,
CPS
and discusses with Agency Project Manager
Team
(APM) to resolve outstanding issues.
c) APM submits revised Security Risk
Assessment for signature and approval by Agency
OSC and ITS.
Submit by email to CPSTechSupport@lists.ncmail.net to
obtain access to the Technical Implementation section of
a) Store the project CPS Set-up Form in the
the CPS Agency Guide, and agree on an implementation CPS
6.2 Submit CPS Set-up Form - Group 1 Data CPS Set-up Form - Group 1 Data project folder under the P-drive Agency
schedule. Submit this as early as possible - AT LEAST 1 Team
Activation tracking folder
MONTH prior to the agency's design phase. The form is
available from the SECP website under CPS Enrollment.
b) Open an iWise ticket to track this project
(Detail="merchant activation support", CPS
Description="Merchant name - Merchant Team
Activation project")
c) Send CPS Technical Implementation
CPS
access information to either the PM (if State
Team
employee) or to the MIS Manager
d) Assess and discuss with Telecomms and
Computing Services:
- business volumes and cycles
CPS
- project timing requirements
Team
- access or hosting issues
Set up a meeting with the agency project if
needed to facilitate discussion.
e) Ensure all are in agreement about
timelines, testing schedules, and roll-out CPS
approach. Access issues must be resolved at Team
this time.
The CPS Technical Implementation documents include
the sample interface code, class libraries, and program
CPS provide UserID and Password to CPS
6.3 Review CPS Technical Implementation documents processing descriptions. These are sensitive information
Technical Implementation contact. Team
and given only to projects confirmed by OSC (by the
assignment of a Merchant Name).
Define application's payment processing requirements,
6.4 Develop the CPS interface establish testing environment, and develop the interface
to CPS. Ascertain if AVS will be used.
This is to be done with the agency's business operations.
6.5 Establish fulfillment process and logistics
Consult STMS's MSA and Operating Guide.
3cd7484c-b5c0-464c-9b26-da629b7079df.xls Page 10
Workplan Template
For Applications using the Common Payment Service (CPS)
Develop Test Plan and Application specific Test Develop a test plan and test script incorporating the
6.6 Test Plan, Test Script
Script various transactions that will be performed.
A bill code is used by the ITS billing system to generate
the monthly invoice to the agency for the CPS Usage
Establish payment arrangement with ITS for
6.7 Fee. Agency must decide who will bear this operational Bill Code Request Form ITS sets up bill code ITS
services acquired
cost (IT, business unit, or fiscal). Request for a bill code
may be made by contacting the ITS Service Desk.
Submit this as early as possible - NO LESS THAN 2 Merchant Card Only
weeks before testing the CPS Interface - BY EMAIL to a) Set-up the project as a
CPSTechSupport@lists.ncmail.net to provide test CPS Store in the Test Environment using test
CPS
6.8 Submit CPS Set-up Form - Group 2 Data environment set-up information and confirm testing time CPS Set-up Form - Group 2 Data environment information provided on the form.
Team
in the CPS test environment. Use the same form Carry out test environment access as agreed
submitted in step 6.2. Attach a copy of the Test Plan and in 6.2). CPS Team to coordinate tasks with
Test Script. TS/CS as needed.
Merchant Card Only
b) Provide the following to
the agency project:
- any issues detected from the Test Plan and
Script
CPS
- test application username
Team
- test password
- test visa card number ($1 limit)
- test mc card number ($1 limit)
- test VCCT username & password
- point agency users to VCCT Online Help
c) Review the production environment
information provided by the project on the CPS
form and resolve implementation issues Team
detected.
Submit test results to CPS support. Testing is
supported by the CPS team during normal business Support project testing of the interface as CPS
6.9 Perform CPS interface testing Test Script with test results
hours. Make arrangements well in advance if the project needed. Team
needs support beyond the normal hours.
6b Perform Testing & Acceptance Tasks
a) OSC acts on the Acceptance Checklist:
- Forwards the checklist to the CPS Team and
Develop an Acceptance Checklist, incorporating Do this AT LEAST 2 WEEKS BEFORE the planned obtain feedback on CPS requirements
6b.1 tasks performed and to be performed, per this migration to production. Attach supporting documents Acceptance Checklist - Reviews the checklist and supporting OSC
project plan. and submit BY EMAIL to osc.secp.info@ncosc.net documents
- Advises the agency with comments if there
are issues that require resolution
b) If there are no issues identified by OSC or
OSC
ITS, advise the agency.
c) Send an acceptance confirmation email to
the agency project including fiscal and
business areas, and to the CPS Team that OSC
includes MID,TID , and User Profile
information.
6b.2 Obtain approval and Production set-up numbers OSC provides numbers obtain from STMS OSC
3cd7484c-b5c0-464c-9b26-da629b7079df.xls Page 11
Workplan Template
For Applications using the Common Payment Service (CPS)
Brief the agency's IT support, business support, and
fiscal support about the proper communication protocol
when the application becomes operational. IT and
business POINTS-OF-CONTACT have to be identified.
Identify the agency personnel who may report problems
and issues to ITS and who will be in ITS's notification list
if there are problems, changes, or issues on the
6b.3 Conduct briefing on Contact information Common Payment Service. All CPS-related problems,
issues and requests must be coursed through the ITS
Service Desk. Review website Contact Information page
for details.
Business-related issues, MyMerchantView, and
Wachovia Connection issues must be conducted through
OSC. Review OSC's SECP Website "Contact Us" page
for details.
AT LEAST 1 WEEK before production migration and BY a) Using information from the Group 2 and
EMAIL to CPSTechSupport@lists.ncmail.net to request Group 3 set-up data, define the agency store CPS
6b.4 Submit CPS Set-up Form - Group 3 Data CPS Set-up Form - Group 3 Data
merchant agency activation in the CPS Production or profile in the respective CPS Production Team
environment Environment.
b) Set-up customer access to Virtual Credit
Card Terminal and orientation with the agency
CPS
users specified on the Set-up Form. Check
Team
that the users have reviewed the User Guide
and know how to use the reports.
c) Obtain firewall policy change approval by
opening an iWise ticket for TS requesting a CPS
firewall policy update for Team
- the agency production application servers
CPS
d) Add the agency's Bill Code to the CPS table
Team
e) Update the
CPS
CPSClientAgencies@lists.ncmail.net list serve
Team
with agency information provided.
f) Update the CPS Merchant Agency
CPS
Database with Settlement and Maintenance
Team
windows, and other set-up information
Coordinate migration activities and schedule with OSC
6b.5 Migrate agency application into production
and the CPS team.
Testers should be State employees or contractors whose
6b.6 Recruit production verification testers
use of the live application can be directed and monitored.
This process takes from 1 - 2 weeks. Production
Verification means the agency application is live and will
accept and process LIMITED live transactions from pre-
identified State employees. The purpose is to determine
if the merchant agency had been set-up correctly: the
funds are received within the next business day, CPS
6b.7 Perform "production verification" a) Monitor the production transactions.
processing rates applied on transactions are correct, Team
processing charges are not debited against the daily
funding deposits, the settlement bank account can be
viewed through Wachovia Connection, etc. Any incorrect
set-ups have to be corrected before making the online
service open to the public.
3cd7484c-b5c0-464c-9b26-da629b7079df.xls Page 12
Workplan Template
For Applications using the Common Payment Service (CPS)
CPS
b) Monitor the batch settlement process.
Team
c) Guide merchant agency in their initial
CPS
review of the VCCT reports after the
Team
settlement is completed.
d) Guide agency in their initial review of the
Wachovia Connection reports.
e) Guide agency in their initial review of the
MyMerchant View reports.
a) Make any necessary changes in account
Report findings to OSC. OSC will work with STMS and mapping on Wachovia Connection.
6b.8 Resolve agency set-up issues detected OSC
Wachovia Bank for any agency-set-up issues. b) Rectify any setup issues with
MyMerchant View
Review results to ensure there are no agency
6b.9 Submit "production verification" final results Advise OSC and CPS of test results OSC
set-up issues remaining.
a) Brief agency points of contact on the use of
Issue public announcement / availability of service CPS
6b.10 ITS Service Desk support from this point
if needed Team
onward.
b) Close the iWise ticket for this CPS CPS
activation project. Team
7 Establish Business Procedures
Review presentations, policies, agreements, forms, and
7.1 Educate staff on SECP website
contact information
Base procedures on STMS Operating Guide and Card
Association Rules. Topics should include signature
Establish procedures for face-to-face transactions
7.2 verification, address verification, expiration date
and card not-present transactions.
verification, processing inadvertent duplicate
transactions, refunds, chargebacks, etc.
Base procedures on STMS Operating Guide and Card
Association Rules. Topics should include voice
7.3 Establish procedures for obtaining authorizations
authorization as backup, suspected fraud situations
(Code 10 Procedures), etc.
Provide necessary training for operating POS Obtain guidance from STMS Technical Services Help
7.4
terminals and POS software applications. Desk if necessary.
Establish procedures for closing out terminals and
Base procedures based on cut-off times provided by
7.5 other applications, and tranmitting batches to
CPS or STMS.
either CPS or STMS.
Devise procedures based on OSC E-Commerc Policies,
Establish procedures for retaining transaction slips,
STMS Operating Guide, and Card Association Rules.
7.6 records retention, and handling disputed Internal Policies and Procedures
Use template on
transactions.
OSC's SECP Website
OSC reviews and approves policies and
7.7 Submit Internal Agency Policies & Procedures Submit by email to osc.secp.info@ncosc.net for review. OSC
procedures
8 Establish Fiscal Procedures
Review presentations, policies, agreements, forms, and
8.1 Educate staff on SECP website
contact information
Establish procedures for reporting of funds Incorporate Reconcilement Function requirements on
received for settlement of transactions; and SECP website. Consider settlement of proprietary card
8.2
Refunds and Chargebacks that are netted out of transactions that may be received on a different day than
daily ZBA sweep. Visa or MasterCard.
Verify all users have received userIDs and passwords,
Establish procedures for Wachovia Connection
8.3 and have access to all required functions and settlement
users
accounts
3cd7484c-b5c0-464c-9b26-da629b7079df.xls Page 13
Workplan Template
For Applications using the Common Payment Service (CPS)
Verify all users have received userIDs and passwords,
8.4 Establish procedures for MyMerchant View users and have access to all merchant numbers and required
reports
Verify all users have received userIDs and passwords,
8.5 Establish procedures for VCCT users and have access to all merchant numbers and required
reports
Establish procedures for multiple merchant
number settling into same bank account, and Incorporate Reconcilement Function requirements on
8.6
associated reconcilement with the decentralized SECP website
department's captured transactions.
Establlish procedures for reviewing, verifying, and Develop controls, and periodically examine to enusre that
8.7
paying STMS monthly invoice the appropriate Interchange rates are being applied.
Describe Internal Policies and Procedures, incorporating
procedures established, and any applicable E-
8.8 Prepare an updated Cash Management Plan Internal Policies and Procedures
Commerce policies on SECP websie, utilizing sample
format.
OSC reviews and approves policies and
8.9 Submit Internal Agency Policies & Procedures Submit by email to osc.secp.info@ncosc.net for review. OSC
procedures
9 Obtain PCI Security Compliance
Review OSC's Website pertaiing to PCI Security,
Educate staff on PCI Security Standards including presentations, policies, Visa and MasterCard
9.1
requirements Websites. Consider the potential fines for non-
compliance or security breaches.
Consider requirement associated with business
Establish procedures from the business
9.2 processing, to include physical security, employee
perspective
background checks, etc.
Consider requirement associated with technical
Establish procedures from the technical
9.3 processing, to include hardware, software, firewalls,
perspective
encryption, etc.
Complete questionnaire regardless of types of capture
9.4 Complete Security Assessment Questionnaire
used.
If third-party gateways or other service providers are
9.5 Ascertain compliance of third party providers
used, obtain certificate of compliance
Provide one contact for entire agency to OSC, on
9.6 Designate individual for PCI Security
Merchant Card Participant Setup Form
If outward facing IPS URLs are used, enroll with
9.7 Enroll with AmbironTrustWave if applicable AmbironTrustWave, for annual questionnaire completion OSC enrolls each merchant number with ATW OSC
and quarterly vulnerability scans.
For merchant numbers not required to be enrolled with
PCI Self Assessment
9.8 Complete Self Assessment Certification ATW (i.e., POS Terminals) complete Self Assessment
Certification Form
Certification Form
3cd7484c-b5c0-464c-9b26-da629b7079df.xls Page 14
