In an effort to adjust the PCI audit due date away from the fiscal year end date to the end of the calendar year, we are moving into the next PCI audit cycle.  Beginning the first week of August 2018 the audit portal, Suralink, will be available for agencies to begin uploading their PCI documentation.  If you had access to Suralink previously, you can use the same credentials.  If you have new or additional staff who needs access, please email [email protected] with their name and contact information and I will send out a request.

The onsite audit schedule will be from August 27th to September 14th.  Please contact [email protected] to reserve a slot that works best for your agency; otherwise, a slot will be assigned.  Some requirements are valid for one year (12 months) from the date of completion.  Therefore, the documentation to upload will be the same as last cycle.  An example of such would be PCI training previously taken by an employee.  You can submit the training results from the last audit.  Training for any new or additional employee(s) since the submission will need to be added to the existing list.  The quarterly scans, inventory and tampering logs can be added to the previously submitted documentation.

Please make sure that your agency head or director signs the Self-Assessment Questionnaire (SAQ).

If you need assistance or this is new to your position, please do not hesitate to contact [email protected]  to go over the steps and documentation requirements.