Payment Card Industry (PCI) Compliance
PCI Assessment, Customer Compliance Portal, PCI Report on Compliance
Service #1: PCI Assessment - A vendor developed approach and methodology taking into consideration information security best practices while focusing the review on the PCI Data Security Standard (DSS) and applying those standards to Wyoming's agency-based environment. State business processes, and supporting networks are analyzed for adherence to the PCI DSS. Physical security is also reviewed. Departments and the IT organization are provided PCI awareness training. Merchant departments that handle or are involved with payment card data are interviewed for gaps in compliance. After this thorough review, the vendor delivers a detailed Findings Report along with a roadmap to guide the State to full compliance.
Service #2: Customer Compliance Portal - A vendor developed a compliance management portal, in direct response to the unique needs of community-based organizations. This means that you can easily view the progress each department is making toward PCI compliance. Documents such as network drawings, configuration documentation, and SAQs can be retained in the portal for reference and verification to your acquirer for compliance.
Service #3: PCI Report on Compliance - A vendor developed an approach and methodology for Report on Compliance (ROC) services that takes into consideration the standards of information security to include the PCI DSS and how to apply those standards into any community-based environment. The vendor will analyze business processes and the networks that support them, provide PCI awareness training for merchants and the IT organization, and deliver a detailed findings list that will be used to guide the State to address the necessary actions to full compliance before a final Report on Compliance is delivered when the state is ready.
Defined in W.S. 9-2-2904(a)(i), this policy applies to all State of Wyoming (State) personnel and contractors storing, processing, transmitting, and accessing secure account data. All third parties handling, storing, processing, transmitting, accessing, or affecting the security of account data on behalf of the state must remain compliant at all times with the current version of the PCI DSS. When PCI DSS requirements conflict with local, state, or federal laws and regulations, applicable local, state or federal law shall control.
ETS will be working with a vendor to provide a PCI Assessment, PCI Report on Compliance with Annual Support for agencies that are accepting debit/credit card payments.