Carnegie Mellon University
February 15, 2019

PCI DSS Upcoming Events

The university processes over a million credit card transactions each year and must comply with Payment Card Industry Data Security Standards (PCI DSS), the industry standard for safeguarding cardholder data. Stakeholders across campus associated with the university PCI environment may be required to provide documentation and/or participate in an upcoming on-site assessment with the university’s third-party qualified security assessor (QSA) to demonstrate compliance. This year’s annual compliance reporting cycle is in process:

  • February 2019:

    • The PCI Core Team and the University Contracts Office (UCO) engaged a QSA for the 2019 reporting period. The PCI Core Team is creating the 2019 PCI compliance project plan.

    • The PCI Core Team will distribute merchant reporting packets to PCI business and technical representatives.
  • March 12, 2019 at 11 a.m. and March 21, 2019 at 1 p.m.: Security Metrics will host self-assessment questionnaire (SAQ) A, B and P2PE webinars covering responsibilities and a short introduction to Suralink. PCI network representatives will receive an email invitation with registration instructions. These trainings count as annual PCI trainings for all environments except SAQ C or SAQ C-VT. For more information, contact pci-dss@lists.andrew.cmu.edu.

  • March 2019 – April 2019: PCI network representatives will complete the required documentation in the merchant reporting packets with the assistance of the PCI Core Team.

  • May 20 – 25, 2019: PCI network representatives will participate in the on-site assessment with the QSA.
  • June 2019: The PCI Core Team will receive and review 2019 compliance reporting and manage merchant bank acceptance procedures.

For more information and resources, please visit the PCI DSS website.