Standards and Governance

Spending is guided by University Policy 601.8, Appropriate Use of University Funds. Policy 601.8 is supported by standards developed by Financial Services.

These standards outline minimum requirements related to common fund expenditures and are designed to assist departments with implementing Policy 601.8. All departments must comply with the standards by following prescribed procedures or by developing unit-specific procedures that meet or exceed the minimum requirements established by the standards.

The Allowable Fund Use Table provides an overview of allowable fund sources for common fund expenditures.

STANDARDS

• Standard for Meals and Entertainment
• Standard for Conferences and Events
• Standard for Marketing and Development
• Standard for Gifts, Awards, and Other Payments
• Standard for Student-Oriented Activities

ALLOWABLE FUND USE TABLE

Click the image below to enlarge:

TRAINING

Sources and Uses of University Funds Training

Last Updated: April 28, 2023

• Capital Assets Standards

Purpose: Provides baseline standards for the capital assets process of the UNC System and general guidance on recording and maintaining capital assets.

Last Updated: June 2, 2022

Debarred Vendors – System for Award Management

Last Updated: June 1, 2021

Debarred Vendors List – NC Dept of Administration

These files contain a list of vendors debarred from doing business with the State of North Carolina, including their location, date of debarment, and reason for debarment.

Last Updated: June 1, 2021

Fly America Act

All air travel and cargo transportation services funded by the federal government are required to use a “U.S. flag” air carrier service. You can find a complete list of certified U.S. flag air carriers on transportation.gov.

Last Updated: June 6, 2021

Governmental Accounting Standards Board (GASB)

Established in 1984, the GASB is the independent, private-sector organization based in Norwalk, Connecticut, that establishes accounting and financial reporting standards for U.S. state and local governments that follow Generally Accepted Accounting Principles (GAAP).

Last Updated: December 23, 2014

Internal Revenue Service

The Internal Revenue Service is the nation’s tax collection agency and administers the Internal Revenue Code enacted by Congress.

Last Updated: February 15, 2022

IT Procurement Homepage

The Statewide IT Procurement Office establishes processes, specifications, and standards for IT products and services that are purchased, licensed, or leased by state agencies and educational entities.

Last Updated: November 10, 2014

North Carolina Daily Deposit Act (G.S. 147-77)

Text of the statute: North Carolina Daily Deposit Act.

Last Updated: November 10, 2014

NCDOR

The North Carolina Department of Revenue’s mission is to fund public services benefiting the people of North Carolina.

Last Updated: February 15, 2022

Office of State Controller (OSC)

As the State’s Chief Fiscal Officer, the Controller serves as an independent resource to promote accountability while protecting the financial integrity of the State.

OSC PCI Security Compliance Program

Merchants that accept credit and debit cards are required to adhere to certain rules and standards designed to protect cardholder account data. The various rules and standards are issued individually by the card associations and collectively by the Payment Card Industry (PCI) Security Standards Council. State entities accepting credit cards are required to adhere to these rules and standards. Information contained herein is intended to provide guidance regarding compliance.

Last Updated: January 7, 2022

Office of State Human Resources (OSHR)

The Office of State Human Resources vision is to excel as a leader and partner in managing Human Resources for a North Carolina State Government that reflects the diversity and talent of our state.

Last Updated: February 15, 2022

Office of the State Auditor (OSA)

The North Carolina Office of the State Auditor (OSA) performs an array of work, including financial statement audits, financial-related audits, performance audits, information technology audits, and investigative reports. We examine all facets of state government, including education, health, transportation, computer systems, regulatory processes, and public safety. OSA conducts special studies as requested by the Legislature and audits federal grant programs to ensure North Carolina can continue to receive federal money. Our work helps improve the efficiency of state government and helps the state retain its coveted AAA bond rating.

Last Updated: February 15, 2022

I. Executive Summary and Purpose

The Payment (Credit/Debit) Card Processing Standard provides the requirements and direction for all payment (credit/ debit) card processing activities at UNC Charlotte.

The following sources were consulted and provide the basis for this program: ISO 27002 and the Payment Card Industry Data Security Standards (PCI DSS).

This Standard defines the responsibilities of employees, administrative units, organizations and affiliates that process payment cards on behalf of UNC Charlotte or its affiliates or have access to UNC Charlotte’s computing and network resources that are utilized for the processing of payment cards. All relevant provisions contained in University Policy #311 and the Standard for Responsible Use are applicable and included by reference in this document. This Standard supersedes all other associated UNC Charlotte regulations and procedures pertaining to payment card processing.

II. Scope

This standard applies to:

A. All academic and administrative units, organizations, affiliates, and employees of UNC Charlotte who accept credit/debit card payments for University business.

B. All external organizations contracted to provide outsourced services for Credit/Debit Card Processing for University business by the parties described in II. A.

C. All academic and administrative units, organizations, affiliates, and employees of UNC Charlotte who provide Credit/Debit Card Processing services for third parties.

III. Standard

A. Units must obtain approval from the Vice Chancellor for Business Affairs (VCBA) or his/her designee to process Payment (Credit/Debit) Cards.

This includes, but is not limited to:

1. All contract and software and/or equipment purchases or usage. This applies regardless of the transaction method used (e.g. eCommerce, POS device, mobile capture, or eCommerce outsourced to a third party). All outsourcing agreements must meet the standards set forth in the Payment (Credit/Debit) Card Processing Procedures.
2. All technology implementations associated with Payment (Credit/Debit) Card Processing. Implementations include any activity that impacts UNC Charlotte ITS infrastructure, enterprise applications, security, and/or staffing, as well as those that might impact the designated VCBA platform for card processing and/or the staff associated with it. All technology implementations (including approval of authorized payment gateways) associated with the Payment (Credit/Debit) Card Processing must be in accordance with the Payment (Credit Card) Processing Procedures.
3. All methods of capture and transmission of payment card data.
4. The approval of campus units, organizations, or individuals to conduct business utilizing payment cards and the approval of staff within their areas to interface with payment card data.

B. All Payment (Credit/Debit) Card Processing activities must be registered with the unit designated by the VCBA.

C. Cardholder data may not be stored on any UNC Charlotte computer device or network. Any exceptions must be in writing and signed by both the VCBA and Chief Information Officer (CIO). Anyone who is granted an exception must contact ITS Information Security for assistance with interpretation and implementation.

D. All departments or units which receive approval for UNC Charlotte card processing activity must comply with the Payment Card Industry Data Security Standards (PCI DSS) and are required to validate their compliance as specified by the Standard and UNC Charlotte validation requirements.

E. All Payment (Credit/Debit) Card Processing activities must comply with the state of North Carolina General Statutes (G.S.) and policies. That includes but is not limited to the North Carolina (NC) G.S. 147-77 (Daily Deposit Act), NC Office of the State Controller (NC OSC) Policy 500.1 (Maximization of Electronic Payment), 500.2 (Master Services Agreements for Electronic Payments), 500.11 (Compliance with PCI Data Security Standards), 500.13 (NC Security and Privacy of Data), and NC Session Law 99-434 which amended multiple General Statutes related to the acceptance of electronic payments.

F. All staff that interface with payment card activities, cardholder data, and/or associated reporting or administrative portals must meet requirements detailed within the PCI DSS and Payment (Credit/Debit) Card Processing Procedures.

G. All Payment (Credit/Debit) Card Processing will be conducted according to current Payment (Credit/Debit) Card Processing Procedures.

IV. Procedures

The Payment (Credit/Debit) Card Processing Procedures document provides the details for implementing this Standard. These procedures carry the full force of this Standard.

V. Revisions and Exceptions

This Standard may be revised only with the approval of the VCBA or his/her designee of UNC Charlotte. The VCBA and the CIO may grant exception to this Standard or the Payment (Credit/Debit) Card Processing Procedures document by mutual agreement.

Related Resources

Legal References:

• Payment Card Industry Data Security Standard (PCI-DSS)
• North Carolina State Laws and Regulations
  • NC G.S. 147-77 (Daily Deposit Act)
  • NC Session Law 99-434
  • NC OSC Policy 500.1 (Maximization of Electronic Payment)
  • NC OSC Policy 500.2 (Master Services Agreements for Electronic Payments)
  • NC OSC Policy 500.11 (Compliance with PCI Data Security Standards)
  • NC OSC Policy 500.13 (NC Security and Privacy of Data)

Other References:

• UNC Charlotte Credit/Debit Card Processing Procedures
• UNC Charlotte Policy 307 Responsible Use of University Computing and Electronic Communication Resources
• UNC Charlotte Policy 311 Information Security
• UNC Charlotte Standard for Information Classification
• UNC Charlotte Guideline for Data Handling
• ISO/IEC 27002

ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management

Revision History

Approved: 10/5/2006
Revised: 1/7/2015

Last Updated: January 7, 2015

PCI Security Standards Council

The Payment Card Industry (PCI) Security Standards Council’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders.

Last Updated: November 10, 2014

Social Security Administration

Social Security website helps individuals get secure access to the information they need.

Last Updated: November 10, 2014

Purpose

The purpose of this standard is to provide guidance on the requirements for the use of University funds to pay for professional business activities considered external conferences, internal conferences, training sessions, or retreats.

Scope

This standard applies to all situations where University funds are used.

Contacts

Direct any general questions about this standard to your department’s business officer or fund administrator. If you have specific questions, please refer to the contacts for fund use guidance listed in Appendix 1 of the University’s Financial Management Guidelines.

Standard

1. External conferences, internal conferences, and training sessions: Operating funds may be used for external conferences, internal conferences, or training sessions, subject to the provisions below.
   1. The conference or session must be planned in detail in advance, have a formal agenda or curriculum, and have a written invitation to participants.
   2. The conference must be held in state facilities when possible.
   3. The conference or session must be attended by ten (10) or more participants in order to use The General Fund, Institutional Trust Funds, or Special Funds for refreshments, limited to $5.00 per person per day^[1].
   4. External conferences: An external conference is one that is attended by persons other than employees of a single agency. The registration fee must include meal costs in order for the University to pay for meals from the General Fund, Institutional Trust Funds, or Special Funds. The registration fee cannot, however, consist exclusively of meals. Registration fees cannot include costs of entertainment, alcohol, setups, flowers, and promotional (gift) items. Any registration fees collected in excess of related expenses cannot be used for other programs and must revert to The General Fund. The General Fund may not be used to pay for conference meals if a conference fee was not charged. Grant or trust funds that allow for the provision of conference meals can be used for that purpose if explicitly stated^[2].
   5. Internal conferences: An internal conference is one that is attended by employees within a particular agency only. A routine staff meeting is not an internal conference. No payment for meals is allowable from The General Fund, Institutional Trust Funds, or Special Funds unless overnight travel criteria are met^[3].
   6. Training sessions: Training involves courses that further develop an employee’s knowledge, skill, and ability to perform the duties of their present job, such as courses on computer usage or management skills development. No payment for meals is allowable from The General Fund, Institutional Trust Funds, or Special Funds unless overnight travel criteria are met^[4]. The General Fund, Institutional Trust Funds, or Special Funds may be used for training books and materials related to training sessions, provided those books are required to participate in the training sessions. These books are considered the property of the University, not the employee.
   7. Discretionary funds may be used for any costs not allowed under the provisions listed above as long as the event has valid University business purpose.
2. Retreats: The General Fund, Institutional Trust Funds, or Special Funds may only be used for management retreats held by the Chancellor for their management team^[5]. Discretionary funds may be used for other University-related retreats with a valid University business purpose.

Related Resources

• University Policy 601.8, Appropriate Use of University Funds
• Standard for Meals and Entertainment
• Allowable Fund Usage Table
• University Financial Management Guidelines
• North Carolina Budget Manual

Revision History

• Initially approved May 1, 2017
• Updated May 12, 2017
• Revised July 10, 2017
• Revised May 5, 2020
• Revised April 1, 2021

^[1] Refer to OSBM Budget Manual, Section 7, “State-Sponsored Events”

^[2] Ibid.

^[3] Ibid.

^[4] Ibid.

^[5] Refer to OSBM Budget Manual, Section 7.6, “Management Retreats.”

Last Updated: April 1, 2021