Body
Policy Statement
Any use of electronic commerce at Bowdoin should prohibit the use of Bowdoin resources for any activity not related to the College’s mission.
Authority
This policy is approved by the Chief Information Officer.
Summary
This policy provides guidelines on the use of electronic commerce at Bowdoin. Electronic commerce provides a convenient way to handle business transactions such as conference registration or the purchase of course materials. However, reasonable steps should be taken to protect the personal information and privacy of purchasers. It is also in the College’s best interest to facilitate the transfer of electronic commerce transaction data to its financial systems.
Applicability
This policy applies to all Bowdoin entities that generate revenue through fundraising or the provision of goods or services.
1. Definition
For the purposes of this policy, electronic commerce is defined as the use of electronic ordering and payment mechanisms via an interactive electronic mechanism such as the World Wide Web to effect remote payment for Bowdoin College goods or services.
This policy does not cover business-to-business e-commerce pursuant to which the College purchases goods or services or to electronic ordering and payment mechanisms that are typically used between other businesses or institutions and Bowdoin College, usually referred to as Electronic Data Interchange (EDI), Electronic Funds Transfer (EFT), or Automated Clearing House (ACH).
2. Policy
Relation to College Mission
Any use of electronic commerce at Bowdoin should prohibit the use of Bowdoin resources for any activity not related to the College’s mission.
Authorized Vendor
Bowdoin has contracted with an Internet commerce transaction services vendor to handle the authorization and management of electronic orders. This arrangement allows the College to:
- Consistently require the vendor to take necessary and reasonable steps to ensure that transactions are secure
- Assure appropriate integration with College financial systems
- Ensure that parties comply with Bowdoin name use and privacy policies
- Use tested emergency response and recovery procedures
- Leverage College transactions to reduce costs
- Provide current technology and support for developing applications
Departments wishing to engage in electronic commerce must either use an authorized vendor to provide online order management services or offer evidence to the CIO that the selected vendor cannot meet the department’s business needs and that an alternative vendor meets College, Finance and Administration, and Information Technology requirements for security and for integrating transaction information into Bowdoin financial systems.
Confidentiality of Data
Departments are responsible for safeguarding the confidentiality of restricted and sensitive data related to purchases of goods or services as stated in the Information Security Policy. Specific eCommerce guidelines are:
- Use a secure and /or encrypted connections to a transaction service vendor
- Do not store any restricted electronic payment information (i.e. credit card numbers) locally
- If gathering other information about purchasers, protect this information in a secure manner, restricting access to those who have a valid need to know.
Departments should adhere to Bowdoin’s e-commerce privacy guidelines and security procedures, linking to the guidelines/procedures at each point-of-sale. If a valid business reason dictates departure from privacy guidelines, departments should explicitly advise customers at the point(s) of sale of how their practice departs from College guidelines.
Advertising Policy
IT is responsible for creating web interface to the vendor’s on-line order management system. If the website is in the Bowdoin.edu domain, in general, no third-party advertising is allowed (see Computer and Network Usage Policy).
3. Implementation Guidelines
Bowdoin eCommerce stores must meet the Payment Card Industry Data Security Standard (PCI-DSS) standards.
Additional assistance on setting up and running an electronic commerce store is available from Information Technology. Departments should work with representatives of Information Technology, their applications development support team, and Finance and Administration to create their electronic commerce-enabled web site.