PCI Compliance at UT
In order to reduce risks associated with the Payment Card Industry Data Security Standard (PCI DSS), any department or organization at the University of Tennessee or the University of Tennessee Foundation with a Merchant ID for credit card processing must now take part in PCI security training. This is a part of the University’s formal PCI security awareness program required by PCI DSS, as well as UT policy FI0311 – Credit Card Processing.
Handouts, slides, and links to other resources can be found below.
- PCI-Compliance-Training and Attestation: Effective January 1, 2024, please contact Stephen Brown or Justin Holt for more information.
Merchant Documentation Templates
- PCI DSS Internal Policies and Procedures – SAQs A & B Merchants (downloadable Word document)
- PCI DSS Internal Policies and Procedures – SAQ C Merchants (downloadable Word document)
- PCI DSS Risk Mitigation and Migration Plan Template (downloadable Word document)
PCI Inventory Log (downloadable Excel document)
Security Awareness Information
PCI Standards and Procedures for UT/UTFI Merchants
Additional PCI Resources
SAQ Guides (PCI DSS v3.2.1 – effective June 2018)
PCI-DSS-v3_2_1-SAQ-A – for “card-not-present” merchants
PCI-DSS-v3_2_1-SAQ-B – for merchants using standalone, dial-out terminals not connected to the Internet
PCI-DSS-v3_2_1-SAQ-B_IP – for merchants using a payment application system or POS system connected to the Internet
PCI-DSS-v3_2_1-SAQ-C_VT – for merchants using isolated virtual payment terminals on a personal computer connected to the Internet
PCI-DSS-v3_2_1-SAQ-P2PE – for merchants using hardware payment terminals in PCI SSC-Listed P2PE solution only
If you have any questions or need additional information, please contact security.