Established in 1958 in Columbus, Georgia, Columbus State University (CSU) is a dynamic institution known for its commitment to student success, community engagement, and operational excellence.
Over the years, CSU has taken a thoughtful and strategic approach to payment processing, intentionally simplifying its payment environment and reducing PCI scope wherever possible. Through the use of secure, outsourced solutions and strong governance, the university has minimized risk while maintaining efficient operations across its departments.
CSU has worked with CampusGuard to support PCI DSS assessments, consulting, and training services.
The Challenge
CSU’s PCI DSS compliance program was built on a strong foundation and supported by a collaborative, team-oriented culture. Stakeholders across the university were engaged and committed to doing the right thing.
However, a period of staff turnover impacted key contributors, creating some continuity challenges. At the same time, individuals supporting PCI efforts were balancing competing priorities and operational demands.
While the commitment to compliance remained strong, bandwidth constraints made it difficult to consistently maintain structure, ownership, and forward momentum. CSU recognized the need for a dedicated partner to help coordinate efforts, reinforce the program, and ensure progress remained on track.
The Approach
Working closely with Dr. Crystal Harris, University Bursar, CSU, with support from CampusGuard, re-established structure and drove the program forward.
Together, we aligned on priorities and defined an approach tailored to CSU’s culture and timeline, with the goal of achieving PCI DSS compliance by April 2026.
Key efforts included:
- Merchant outreach & training: Supported a focused campaign, with support from CampusGuard’s Operations Support team, resulting in 100% completion of required PCI DSS training within two months
- Scope validation with IT: Partnered with IT to confirm PCI scope, ensuring systems, payment channels, and third-party service providers were accurately identified and documented
- QSA-led SAQ workshops: Assisted with live working sessions where a CampusGuard QSA guided SAQ completion in real time, enabling accurate responses the first time with no rework required
- Program structure & processes: Updated procedures, validated inventories, and established repeatable processes for training, device management, and ongoing compliance activities
- Compliance calendar implementation: Developed a clear, repeatable compliance calendar aligned with university operations and merchant workflows
This approach was intentionally collaborative, providing structure and dedicated focus while enabling CSU stakeholders to remain engaged without adding unnecessary burden.
The Results
Within an accelerated timeframe, CSU successfully achieved PCI DSS compliance, supported by a program that is now structured, sustainable, and aligned across stakeholders.
Key outcomes included:
- 100% completion of required PCI DSS training within two months
- Updated and standardized departmental procedures
- Accurate and maintained device and third-party service provider inventories
- Defined, repeatable processes supporting ongoing compliance activities
A major milestone was the implementation of a formal PCI DSS compliance calendar. Designed in partnership with the university and its merchants, the calendar aligns with operational realities and supports, rather than disrupts, departmental workflows. It provides a clear, repeatable roadmap for compliance activities, ensuring that efforts are timely, coordinated, and achievable year over year.
As a result, the program has shifted from reactive to proactive. Stakeholders across campus understand their responsibilities, are engaged in the process, and are equipped to maintain compliance as part of their day-to-day operations.
“CampusGuard served as a valuable resource throughout our PCI compliance journey,” said Dr. Crystal Harris, Bursar at Columbus State University. “Their support helped our institution better understand compliance requirements, identify areas for improvement, and establish more effective operational practices.”
Going Forward
With a strong foundation now in place, CSU and CampusGuard are focused on continuing to mature and optimize the program.
Future efforts include:
- Enhancing program efficiency: Identifying opportunities to streamline processes and reduce administrative overhead
- Strengthening governance and visibility: Continuing to refine reporting, tracking, and communication across stakeholders
- Adapting to change: Ensuring PCI scope remains accurate as systems and operations evolve
- Sustaining merchant engagement: Maintaining strong relationships and accountability across departments
Looking ahead, the focus is not just on maintaining compliance but on strengthening the program’s resilience and adaptability. As university operations continue to evolve, CSU and CampusGuard will remain closely aligned to ensure compliance efforts stay efficient, effective, and embedded into day-to-day operations.
CSU will continue to evaluate and utilize appropriate resources to support ongoing compliance efforts.
"CampusGuard served as a valuable resource throughout our PCI compliance journey. Their support helped our institution better understand compliance requirements, identify areas for improvement, and establish more effective operational practices."
