PCI Compliance at UT
In order to reduce risks associated with the Payment Card Industry Data Security Standard (PCI DSS), any department or organization at the University of Tennessee or the Univeristy of Tennessee Foundation with a Merchant ID for credit card processing must now take part in PCI security training. This is a part of the University’s formal PCI security awareness program required by PCI DSS, as well as UT policy FI0311 – Credit Card Processing.
Handouts, slides, and links to other resources can be found below.
- 2016 PCI Training (please allow a few seconds to download)
Merchant Documentation Templates
- PCI DSS Internal Policies and Procedures – SAQs A & B Merchants (downloadable Word document)
- PCI DSS Internal Policies and Procedures – SAQ C Merchants (downloadable Word document)
- PCI DSS Risk Mitigation and Migration Plan Template (downloadable Word document)
- PCI Inventory Log (downloadable Excel document)
Security Awareness Information
PCI Standards and Procedures for UT/UTFI Merchants
Additional PCI Resources
SAQ Guides (PCI DSS v3.1, Rev 1.1)
- 2016 SAQ A Guide – for “card-not-present” merchants
- 2016 SAQ B Guide – for merchants using standalone, dial-out terminals not connected to the Internet
- 2016 SAQ C Guide – for merchants using a payment application system or POS system connected to the Internet
- 2016 SAQ C-VT Guide – for merchants using isolated virtual payment terminals on a personal computer connected to the Internet
If you have any questions or need additional information, please contact security.