To: Business Managers, Deans, Directors and Department Chairs
From: DeAhn Baucom, Chair – CERTIFI Committee
It is important to remember that PCI compliance is a process and not an event.
2018 Review
CERTIFI members visited every merchant included in the University’s annual Attestation of Compliance (AOC) over the course of five months. During these meetings, committee members assisted with the completion of the annual attestation documents. These meetings supported the attestation and provided additional documentation of the University’s compliance. For the second year in a row the University attested full compliance to the Payment Card Industry (PCI) Data Security Standard.
New SAQ A Requirements for 2019
The PCI Security Standards Council has issued two additional requirements for SAQ A merchants regarding computer server security. For this reason, we will ask each SAQ A merchant to identify their primary IT contact—the person responsible for the website that invokes TouchNet or other payment gateways to ask customers for their credit card information.
2019 Town Hall Meetings
In previous years the committee has asked that anyone involved with processing credit cards attend one of these sessions. This year, attendance will be mandatory only for business managers and SAQ preparers. However, these town hall meetings are open to additional team members with an interest in PCI compliance who are invited by a required attendee.
Below are the dates for the planned Town Halls. All sessions will be held in Toy Lounge in Dey Hall. More sessions may be added to the schedule if necessary.
- Thursday, March 14: 10:00 a.m. – 11:00 a.m.
- Tuesday, March 19: 10:00 a.m. – 11:00 a.m.
- Thursday, March 21: 10:00 a.m. – 11:00 a.m.
PCI Town Hall Meeting Registration.
Note: This memo is also being sent to Self-Assessment Questionnaire (SAQ) Preparers.
If you have any questions, please email certifi@unc.edu.