Partnership Drives GMU’s PCI DSS Program Forward

Introduction

George Mason University (GMU), Virginia’s largest public research institution, provides a comprehensive, innovative education near Washington, D.C. The institution is distinguished by its commitment to fostering an entrepreneurial mindset, advancing cutting-edge research, and offering students substantial real-world opportunities.

GMU has maintained a trusted partnership with CampusGuard since 2013, leveraging services such as GLBA assessments, online training, penetration testing, annual support agreements, and more. In 2024, the collaboration expanded to include PCI DSS Program Management, and the relationship continues to grow as GMU strengthens its commitment to security and compliance.

The Challenge

GMU experienced a wave of retirements among long-term employees who had played integral roles in maintaining the University’s PCI DSS compliance program. PCI compliance at GMU has always been a collaborative effort – successfully built and sustained through the partnership of multiple departments working together to protect cardholder data.

Although the program itself was well-established, with a structured compliance calendar, consistent cadence, annual training, and strong awareness across merchant areas, the challenge was one of bandwidth and ownership.

GMU recognized the need for a centralized point of coordination to sustain the program’s momentum and ensure that compliance activities continued seamlessly. The University sought a partner who could bring structure, consistency, and hands-on support, while maintaining the decentralized relationships and accountability that made GMU’s program successful in the first place.

The Approach

To stabilize and strengthen GMU’s PCI DSS program following staff transitions, the Vice President and Treasurer of Fiscal Services, Gene Crouch, engaged with CampusGuard for dedicated Program Management support.

With her knowledge of GMU’s environment as their long-standing CampusGuard Customer Relationship Manager, Laura Allison easily stepped into the role of Program Manager, operating as an extension of the Treasury Office, bringing structure, clarity, and hands-on coordination to the effort.

Together with CampusGuard Qualified Security Assessor (QSA) Brent Hobby and GMU stakeholders across Fiscal Services, ITS, and the merchant community, CampusGuard re-energized the compliance program through a more centralized, yet highly collaborative model.

• Streamlined coordination: CampusGuard took on the heavy administrative lift, freeing internal staff to focus on operational priorities.
• Empowered merchants: Through targeted outreach, departmental surveys, and one-on-one collaboration, CampusGuard confirmed scope, clarified responsibilities, and aligned processes.
• Strengthened training: Under Katie Johnson’s leadership, CampusGuard’s Operations Support Team enhanced GMU’s annual PCI DSS training program, ensuring both new and existing employees completed timely, role-specific instruction.

This approach reinforced a sense of shared ownership across campus while ensuring that daily management, documentation, and compliance tracking were continuously maintained.

“Laura Allison exemplifies the highest standard of professionalism in every aspect of her work. Her deep expertise in PCI compliance through CampusGuard ensures that GMU’s sensitive data is rigorously protected and aligned with industry best practices,” said Gene Crouch.

“She fosters seamless collaboration across departments, translating complex security requirements into actionable solutions for all stakeholders. Laura consistently goes above and beyond, anticipating challenges and proactively addressing them before they become issues. Her strategic insight and attention to detail make her a trusted advisor to leadership and colleagues alike. She balances technical mastery with practical execution, ensuring both compliance and operational efficiency.”

The Results

The partnership between GMU and CampusGuard has evolved into a high-functioning, collaborative compliance program that thrives on communication, accountability, and efficiency.

• A sustainable cadence: GMU now operates with a clear compliance calendar and predictable rhythm of communication and coordination, making annual renewals and assessments smoother and less disruptive.
• Reduced scope and risk: Strategic adjustments to merchant operations and vendor oversight have narrowed PCI DSS scope and improved third-party compliance assurance.
• Confidence and continuity: Despite significant staffing transitions, GMU maintained—and even strengthened—its PCI DSS posture. Merchants and leadership alike now have confidence that compliance activities are timely, accurate, and well-supported.

CampusGuard’s integrated approach delivered more than just continuity—it created capacity, consistency, and confidence. Together, GMU and CampusGuard turned a staffing challenge into an opportunity to redefine what collaboration in compliance looks like.

Going Forward

George Mason University and CampusGuard will continue their partnership, building on the strong foundation of trust, teamwork, and shared accountability that has driven their success. CampusGuard will remain closely engaged with GMU’s PCI DSS team to ensure the University’s compliance scope stays tightly managed and its processes remain both effective and efficient.

As GMU’s operations evolve, CampusGuard will adapt in lockstep—offering guidance, structure, and hands-on support wherever needed. Together, the teams will continue refining and improving the program, ensuring that PCI DSS compliance remains not just a requirement, but a sustainable, collaborative practice across campus.

Looking for PCI DSS program management support? Contact us to get expert guidance and keep your PCI DSS program on track.