Payment Card Industry Data Security Standards (PCI DSS) Compliance
Any State agency accepting credit cards as a form of payment must complete a yearly Self-Assessment Questionnaire (SAQ), reviewed and signed by the State's Internal Security Assessor (ISA) and submitted to the State Treasurer's Office.
Each State agency must have available a "Merchant Manual" which will be reviewed by the State's ISA and will include the following items:
Section 6: Agreements with Treasurer's Office/Employees/Third Party Providers
Copy of signed Incident Response Plan Agreement.
Copies of all agreements with vendor's processing credit card transactions and/or hosting your website.
Employee training signed documents.