Monthly Closing Deadlines

The January 2024 period in the general ledger has closed.  The current and future month-end processing deadline schedules are located at Monthly Closing Deadlines.

Travel News

Please know our Controller’s office team is aware of the delays and some backlog in processing Travel Expense reimbursements. Similar to staffing shortages and new staff recruitment challenges continued to be experienced throughout our university departments, our Travel team has been operating with less than our normal staffing levels and hiring/training of new staff has been slow thereby contributing to delays we have not experienced before. We are taking every reasonable measure to work to expedite the process to issue reimbursements, but kindly ask your cooperation to ensure Expenses reports are fully complete, accurate and with all required receipts and supporting documentation as this will immensely help our Travel team process the reimbursements faster. We appreciate your understanding and cooperation, and rest assured our team is committed to make every effort to return to more normal turn-around time in processing your Travel reimbursements with your help.

Additional travel updates:

• Travel Authorization Request:
  • When completing a TA, travelers will be asked to complete a pre-departure Foreign Travel Guidance and Screening Questionnaire and acknowledge their understanding of FIU’s Guidance for International Travel. This must be completed and approved prior to travel taking place.  We recommend that FIU travelers or proxies submit their foreign travel TA’s at least twenty (20) business days before departure to allow sufficient time for the request to be screened and approved by the Export Control Office. Failure to do so may result in a trip delay. Please note that there are significant restrictions related to travel to foreign countries of concern (FCC), which may impact screening time and approval (FCCs include the People’s Republic of China, the Russian Federation, the Islamic Republic of Iran, the Democratic People’s Republic of Korea, the Republic of Cuba, the Venezuelan regime of Nicholas Maduro, or the Syrian Arab Republic).
• Expense Post Travel Compliance Reporting:
  • Additionally, upon completion of travel, all travelers to an international location must also report any honoraria and/or payments received from a foreign source within the expense report system.  All travelers must complete an Expense Post Travel Compliance Report (ER), that must be submitted within fifteen (15) business days after the completion of the trip, even if no expenses are incurred.
  • Complete information may be found on the FIU Export Controls website (“Guidance for International Travel”) or you can contact our Office of Export Controls at export@fiu.edu. Our Export Controls team will promptly partner with you to answer questions and provide support.
• Pending Travel Reports
  • Please approve Travel Authorizations, Cash Advances, and Expense reports in a timely manner. For a list of pending documents, please click here. For information regarding report status abbreviations and how to close or cancel Travel Authorizations and/or Expense Reports, please click here.

ODP Business Solutions Update

We are thrilled to announce the recent improvements made to our FIU cooperative contract in collaboration with ODP Business Solutions. As part of our semi-annual product assortment review for Contract # PUR-05407, we have expanded the range of furniture options available to our FIU community.

Effective January 10, 2024, our contract now encompasses a diverse collection of over 2,000 furniture items, featuring multiple brands and innovative solutions. We are particularly excited to introduce the NEW custom furniture program from ODP Business Solutions.

 These enhancements are designed to provide even more choices and tailored solutions to meet the unique needs of our FIU community.

For any questions or inquiries, please see below contact information for your Sales Manager, Sajena Jacob.

 Sajena Jacob

Senior Key Account Manager | Public Sector

954.461.6336 | Sajena.Jacob@odpbusiness.com

www.odpbusiness.com

Coming Soon in myFIUmarket – Integrated DNA and Consolidus

We are excited to announce that we are working on enabling Integrated DNA and Consolidus as our two latest catalogs in myFIUmarket. These catalogs should be live before the end of the fiscal year.

Integrated DNA is a scientific catalog that will offer additional options to an already extensive science catalog offering.

Consolidus is a promotional item catalog and will be the second promotional item offering after 4Imprint.

TCM – IT Questionnaire Update – PCI Compliance

The PCI related question within the IT questionnaire in TCM was revised, see below, due to an updated requirement with version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS). Furthermore, we included clarification for contract managers to avoid the question being answered incorrectly.

• Will the vendor process, store, and/or transmit cardholder information, or impact the security of FIU customer’s payment information (i.e. Third Party Service Provider’s (TPSP) pages that redirect to payment pages or TPSP’s pages that are hosted by the vendor)? (This vendor will be accepting credit card payments on behalf of the University. For instance, the vendor typically provides an online solution where a customer can pay for tuition, application fees, goods or services, and or events, etc.  This is not to be confused with paying the vendor with your pcard.)

1. If yes;
2. Please attach the Supplier’s Attestation of Compliance (AOC) *Required
3. Please attach a detailed schematic of payment card data flow *Required

• Please attach a PCI Responsibility matrix (template available). *Required

This update will impact any department engaging with a Third-Party Service Provider (TPSP) that stores, processes, or transmits on behalf of FIU, or to the extent that they could impact the security of the customer’s cardholder data environment (i.e. Third Party Service Provider’s (TPSP) pages that redirect to payment pages or TPSP’s pages that are hosted by the vendor). Additionally, it will apply to any existing third-party vendor agreements where the previous statement is true. Using TPSPs to perform services related to credit card processing can be a great way to limit your PCI DSS scope and associated responsibilities. However, TPSPs can also introduce significant risk of data breaches. Rather than allowing organizations to make assumptions regarding the PCI DSS compliance of TPSPs, the Payment Card Industry Data Security Standard (PCI DSS) has always included requirements for organizations to have an established TPSP oversight process, ensuring the appropriate due diligence is performed prior to onboarding a vendor, and annually thereafter. To support these objectives, companion Requirement 12.9 of PCI DSS V3.2.1 mandates that TPSPs acknowledge in writing to customers that they are “responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.”

With PCI DSS version 4.0, TPSP support of an entity’s PCI DSS compliance goes even further. In addition to obtaining the vendor’s Attestation of Compliance (AOC) during the TCM process and annually thereafter along with ensuring the PCI language is embedded in the contract, PCI DSS v4.0 requires that a TPSP provide PCI DSS compliance status information for any service performed on behalf of customers, as well as which PCI DSS requirements are the responsibility of the TPSP and which are the responsibility of the customer (FIU) , including any shared responsibilities. This requirement is the result of developing a document referred to as the PCI Responsibility Matrix template.

For most vendors, they may not be familiar with or possibly hesitant to provide and/or complete the PCI Responsibility Matrix.  Therefore, we have provided the community with links to a Letter template which can be used when reaching out to those vendors and a PCI Responsibility Matrix template document to support the request or aid the vendors that currently do not have one available. These links will also be included in the help note for the question within the IT questionnaire in TCM. For our merchants and/or departments whom are currently engaged with a TPSP, we will be reaching out to you and the vendors requesting the PCI Responsibility Matrix. Any questions or clarification regarding this matter, please contact your PCI Compliance team via email at pcicompliance@fiu.edu.

Card Cancellation Process

Departments have a responsibility for timely card cancellation. When a card needs to be cancelled due to a cardholder transferring to another department or termination of employment, the approver or Department MUST notify the CCS Team in an email immediately, prior to any Card Cancellation Form being sent.

Departments that fail to follow the correct and timely card cancellation protocols risk losing the card privileges for their entire unit.