A University Path to Sustainable PCI Compliance: Reducing Scope, Reducing Risk

Webinar PCI DSS

February 6, 2026

In this presentation that was featured in an EDUCAUSE Symposium, we share how Stanford approached PCI DSS challenges and developed a sustainable, lower‑risk, lower‑scope compliance program.

We explore how Stanford tackled PCI challenges and what worked (and what didn’t) in a real-world campus environment.  We also cover practical ways to shrink your organization’s PCI scope and make compliance less overwhelming, and provide clear recommendations to build stronger governance and simplify processes.

Key Takeaways:

  • Reducing PCI Scope Is the Most Effective Risk Reduction
    Modern tools like P2PE and vendor‑hosted e-commerce dramatically reduce compliance burden by removing the institution from storing/processing cardholder data.
  • Central Governance Is Critical
    Clear roles shared between ISO and Merchant Services ensure consistent oversight and reduce decentralization challenges.
  • Continuous Improvement Matters
    PCI DSS evolves often; institutions must maintain adaptable governance, vendor management processes, training, and documentation practices.

Speakers:

 

Shawn Kim, Stanford

Shawn Kim

Director of Cybersecurity Governance, Risk, and Compliance, Information Security Office at Stanford University

David Gundrum

QSA, CISSP
Security Advisor at CampusGuard

Katie Johnson

Katie Johnson

PCIP
Manager of Operations Support at CampusGuard

Download the Presentation

Share

About the Author
Kathy Staples

Kathy Staples

Marketing Manager

Kathy Staples has over 20 years of experience in digital marketing, with special focus on corporate marketing initiatives and serving as an account manager for many Fortune 500 clients. As CampusGuard's Marketing Manager, Kathy's main objectives are to drive the company's brand awareness and marketing strategies while strengthening our partnerships with higher education institutions and organizations. Her marketing skills encompass multiple digital marketing initiatives, including campaign development, website management, SEO optimization, and content, email, and social media marketing.

Related Content

Webinar

Building a Sustainable PCI Compliance Program

Watch our webinar for insights, tools, and strategies to help you streamline compliance, reduce complexity, and create a sustainable program.

PCI DSS
Watch the Webinar about the Building a Sustainable PCI Compliance Program
Checklists and Templates

PCI DSS Compliance Guide & Quarterly Checklist

Download our PCI DSS Compliance Guide & Quarterly Checklist to help you achieve and maintain PCI compliance. Access this free download now!

PCI DSS
Download the Guide about the PCI DSS Compliance Guide & Quarterly Checklist
Article

PCI DSS 101 in the SLED Environment

Discover the basics of PCI DSS compliance & learn how to organize Merchant IDs, group merchants, & streamline payment security in complex SLED environments.

PCI DSS
Practical PCI Steps about the PCI DSS 101 in the SLED Environment