First off, thank you for completing your self-assessment questionnaires (SAQs) with Campus Guard. In reviewing the first batch of SAQs, we found many areas across multiple agencies that will require additional, tailored support, both from DTI and our office.
To become PCI compliant, all agencies must be able to answer "yes" or "not applicable" to every question on the SAQ, and have all the supporting processes, policies, and practices in place. Given the findings of the SAQs, we have determined that we will need additional time in order to ensure PCI compliance, and have received an extension to do so from Bank of America Merchant Services (BAMS).
Given the scale of what PCI compliance entails, here is what to expect over the next year:
- OST, in partnership with DTI, is in the process of onboarding new staff to help support this initiative. These team members will be fully briefed on our efforts to date, as well as your agency needs, and will be able to work directly with you to craft improved policies and support putting corresponding practices into effect.
- We will be contacting many of you individually to walk through the results of your current SAQ responses and offer a focused analysis of your payment card practices. This will allow us to begin prioritizing remediation needs and know where you need our assistance the most.
- We are working with DTI, OMB, Finance, and Accounting to set forth improved rules and regulations, as well as provide the right resources for PCI compliance in the future. We value your input on these updates, and will be reaching out to you for feedback as they are crafted.