
PCI Data Security Standards Compliance Review for 2023

Report Highlights

Agencies Submitted the PCI DSS Forms Prior to the September 30th County Deadline
      • 15 of the 21 County and non-county entities that were required to demonstrate their compliance with the Payment Card Industry Data Security Standards (“PCI-DSS”) in 2023 did so by the September 30th deadline.

Agencies Submitted the PCI DSS forms After the September 30th County Deadline

      • Six of the 21 County and non-county entities that were required to demonstrate their compliance with the Payment Card Industry Data Security Standards (“PCI-DSS”) in 2023 submitted the forms after the September 30th deadline.
Inconsistencies Between SAQ and AOC Forms Submitted by Three Agencies
      • We found that the SAQ and AOC forms submitted by three agencies either contained inconsistencies or lacked a wet or digital signature. For example, one agency’s response on the “Summary of Assessment” portion identified one requirement as not applicable (“N/A”), but the questionnaire responses on the SAQ form were marked as “In Place”. Another agency submitted completed SAQ and AOC forms but did not sign the “Signature of Merchant Executive Officer” line.
One County agency stopped processing payment cards
      • Criminal Justice Services no longer processes, stores, or receives payment card information, and therefore is not required to complete SAQ and AOC forms annually for County PCI Compliance.