PCI Compliance at UT

In order to reduce risks associated with the Payment Card Industry Data Security Standard (PCI DSS), any department or organization at the University of Tennessee or the University of Tennessee Foundation with a Merchant ID for credit card processing must now take part in PCI security training. This is a part of the University’s formal PCI security awareness program required by PCI DSS, as well as UT policy FI0311 – Credit Card Processing.

Handouts, slides, and links to other resources can be found below.

Training Presentations

PCI-Compliance-Training and Attestation: Effective January 1, 2024, please contact Stephen Brown or Justin Holt for more information.

Merchant Documentation Templates

PCI DSS Internal Policies and Procedures – SAQs A & B Merchants (downloadable Word document)
PCI DSS Internal Policies and Procedures – SAQ C Merchants (downloadable Word document)
PCI DSS Risk Mitigation and Migration Plan Template (downloadable Word document)

PCI Inventory Log (downloadable Excel document)

SAQ Guides (PCI DSS v3.2.1 – effective June 2018)

PCI-DSS-v3_2_1-SAQ-A – for “card-not-present” merchants

PCI-DSS-v3_2_1-SAQ-B – for merchants using standalone, dial-out terminals not connected to the Internet

PCI-DSS-v3_2_1-SAQ-B_IP – for merchants using a payment application system or POS system connected to the Internet

PCI-DSS-v3_2_1-SAQ-C_VT – for merchants using isolated virtual payment terminals on a personal computer connected to the Internet

PCI-DSS-v3_2_1-SAQ-P2PE – for merchants using hardware payment terminals in PCI SSC-Listed P2PE solution only

If you have any questions or need additional information, please contact security.

Training Presentations

Merchant Documentation Templates

Security Awareness Information

PCI Standards and Procedures for UT/UTFI Merchants

UT Policies

Additional PCI Resources

SAQ Guides (PCI DSS v3.2.1 – effective June 2018)