- Identify and document all the areas that accept payment cards in any capacity.
- Confirm you have a complete inventory of all systems, processes, and people that store, process, transmit, or have access to cardholder data.
- Engage with your merchants. Make periodic unannounced visits to the merchants on campus to verify the payment processes actually in place, confirm that applicable documentation is up to date, and check that device inspection logs (for POS terminals and PIN pads) are current.
- Update documentation as processes change. Dedicate a shared, central location for collecting and storing all documentation and evidence necessary for attesting compliance and provide access to responsible team members. This way you aren’t scrambling to gather all of the necessary policies, logs, scan reports, etc. when your attestation date rolls around.
- Review prospective vendors before onboarding them: confirm their PCI DSS compliance status (for example, a current Attestation of Compliance), and document in writing which requirements the vendor is responsible for and which remain yours.
- Make sure the appropriate security controls have been applied to each system that stores, processes, or transmits cardholder data, or that can affect the security of those systems.
- Ensure physical access control logs and visitor logs for sensitive areas are retained for at least the most recent three months (PCI DSS requires a minimum of three months of retention, unless law restricts otherwise).
- Confirm the quarterly vulnerability scanning schedule, covering both external scans by an Approved Scanning Vendor (ASV) and internal scans, and that rescans are performed until passing results are obtained.
- Test for the presence of unauthorized (rogue) wireless access points at least quarterly, and maintain an inventory of authorized access points to compare the results against.
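The rogue access point check in the last item is usually done with a wireless survey tool, but the comparison step is simple enough to show in code. The following is an added example, not code from the original page or from any PCI DSS program: it assumes a constructed authorized-AP inventory (`AUTHORIZED_APS`, keyed by BSSID) and a constructed, simplified CSV scan export (`SCAN_OUTPUT`), and it classifies each observed radio as an authorized radio on an unexpected SSID, an unknown radio impersonating an authorized SSID, or simply an unknown network in range.

```python
"""Rogue wireless AP check: compare a scan against an authorized inventory.

Added example, not code from the original page.  Everything below is
constructed for illustration:
  - AUTHORIZED_APS: the organisation's inventory of approved access points,
    keyed by BSSID (radio MAC) with the SSID that radio is allowed to broadcast.
  - SCAN_OUTPUT: a simplified CSV survey (bssid,ssid,channel,signal); real
    survey tools export different formats, so adapt parse_scan() accordingly.
"""
from dataclasses import dataclass
import csv
import io

AUTHORIZED_APS = {
    "00:11:22:33:44:01": "CAMPUS-POS",
    "00:11:22:33:44:02": "CAMPUS-POS",
    "00:11:22:33:44:03": "CAMPUS-GUEST",
}

# Constructed sample scan: one authorized AP on its SSID, one authorized radio
# on the wrong SSID, one unknown radio impersonating the POS SSID, and one
# unrelated network from a neighbouring business.
SCAN_OUTPUT = """\
bssid,ssid,channel,signal
00:11:22:33:44:01,CAMPUS-POS,6,-41
00:11:22:33:44:02,CAMPUS-PAYMENTS,11,-55
DE-AD-BE-EF-00-01,CAMPUS-POS,6,-38
aa:bb:cc:dd:ee:ff,CoffeeShopWiFi,1,-70
"""


@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    channel: int
    signal_dbm: int
    reason: str


def normalize_bssid(bssid: str) -> str:
    """Canonicalize MAC formatting so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    return bssid.strip().lower().replace("-", ":")


def parse_scan(text: str) -> list[dict]:
    """Parse the constructed CSV export into rows with typed fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "bssid": normalize_bssid(row["bssid"]),
            "ssid": row["ssid"].strip(),
            "channel": int(row["channel"]),
            "signal": int(row["signal"]),
        })
    return rows


def find_rogue_aps(scan_rows, authorized=AUTHORIZED_APS) -> list[Finding]:
    """Return every observed radio that is not an authorized AP on its own SSID."""
    authorized = {normalize_bssid(b): s for b, s in authorized.items()}
    authorized_ssids = set(authorized.values())
    findings = []
    for r in scan_rows:
        bssid, ssid = r["bssid"], r["ssid"]
        if bssid in authorized:
            if ssid == authorized[bssid]:
                continue  # known radio, expected SSID: nothing to report
            reason = "authorized radio broadcasting unexpected SSID"
        elif ssid in authorized_ssids:
            reason = "unknown radio impersonating an authorized SSID"
        else:
            reason = "unknown access point in range"
        findings.append(Finding(bssid, ssid, r["channel"], r["signal"], reason))
    # Strongest signal first: the closest radios are the ones to walk to.
    return sorted(findings, key=lambda f: f.signal_dbm, reverse=True)


if __name__ == "__main__":
    for f in find_rogue_aps(parse_scan(SCAN_OUTPUT)):
        print(f"{f.bssid}  {f.ssid!r:18} ch{f.channel:<3} {f.signal_dbm} dBm  {f.reason}")
```

Two caveats for anyone running this in earnest. First, a radio survey only shows what is broadcasting; an "unknown access point in range" on a campus is very often a neighbour's network, so the evidence that matters for the cardholder data environment is whether the radio is plugged into one of your network segments, which requires a wired-side check (switch MAC address tables, NAC, or port-level inventory) that no over-the-air scan can replace. Second, keep the dated scan output, the inventory it was compared against, and the triage outcome for each finding together with your other attestation evidence, since the quarterly requirement is about demonstrating the process, not just running it.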
Visit our PCI DSS page to learn more. Contact our team if you have any questions or need assistance with your PCI DSS compliance program.