Statewide IT Policy 1.5
Electronic Commerce
 
SUBJECT: Electronic Commerce: Electronic Commerce (EC) applications involving electronic transmission of credit card data over the public Internet.

Introduction

The state will be using the Internet more each year to expand services to citizens and customers.  For applications involving transactions of credit card data over the public Internet, agencies must exercise extreme care. The state must protect the integrity of the data, the financial and confidential information about the customer, and preserve the trust and confidence in using the public Internet.  This requires a combination of strong management and the use of appropriate security technologies.

Authority - ORS 291.038, EO-00-30

Policy

For at least the first year through November 30, 2001, agencies will use DAS IRMD services for applications involving electronic transmission of credit card data over the public Internet.  DAS IRMD will provide the secure environment to host these electronic commerce applications, will create a single portal for citizens wanting to do business electronically with state government, and will develop a clearinghouse of state EC projects that will be available to all agencies.  Agencies will notify DAS IRMD of all EC projects that will use the public Internet for transmission of credit card data. Agencies can request an exemption from this policy from the state's Chief Information Officer, IRMD.
 
After the first year, a review of the efficacy of the program and a review of the state EC standards will be made and presented to ITEC.  Revisions of the policy will be done by IRMD by November 30, 2001.

Financial Transactions: Agency customer credit card information that is transmitted electronically over the public Internet must be sent using an appropriate level of encryption technology as defined in the Oregon Information Technology Standards Directory and the IRMD Information Security Policy. These financial transactions must be done in accordance with policies and procedures (unless required otherwise by applicable laws) established by the following agencies:
  • State Treasury
    • Cash Management Rules
  • DAS
    • Accounting Management Control Rules
    • Self Insurance Policy Manual
    • State Purchasing Rules
    • Technology standards for Information Security, Encryption, User Authentication, and Electronic Payment technologies

Kinds of Financial Transactions

The following kinds of Internet business transactions involving financial payment are expected to become part of doing business in Oregon State government and would be covered by this policy.
  • Catalog/product Sales (CDs, Maps, Books, etc.)
  • Electronic filing (UCC filings, other electronic self-reporting filings)
  • Fee payments (Payment of fines, etc.)
  • License/Permit application and renewal (Professional license and other permits)
  • Database searching of public data (UCC database, etc.)
  • On-line Bid Auctions (Surplus property)

Specific financial transactions between Treasury and Agencies, including ACH transactions, are NOT covered by this policy.
 
PROCEDURES & DEFINITIONS: Agencies can contact the EGovernment Manager with questions at 503-378-4705.  Definitions are provided in Appendix A.