For agencies using third-party vendors that can affect the flow of credit or debit card data, please refer to the statewide policy of PCI Compliance by Third-Party Vendors.  If an Attestation of Compliance (AOC) or Self-Assessment Questionnaire (SAQ) document is required, it must be uploaded to Suralink by October 31, 2018. 

The PCI DSS SAQ documents need to be signed by your agency’s director or equivalent.  The signed SAQ must be uploaded to Suralink by October 31, 2018.

If you have any questions, please contact Jennifer Verhelst at [email protected] or 602-542-7844.