If you process, store, or transmit credit card data, then the Payment Card Industry (PCI) requirements apply to you. PCI requirements apply to all credit card transactions. While PCI Data Security documents must be completed each calendar year, adherence to the PCI requirements is mandatory throughout the year. OSU Purchasing cards are not included in this security assessment.

What do I have to do throughout the year?

Throughout the year, you need to continuously assess your operations and fix any vulnerability which could potentially cause a credit card data breach. You can find best practices in the “expected testing” section of your Self-Assessment Questionnaire (SAQ). More on which SAQ is right for you on the "Which SAQ do I need to fill out?" page.

The SAQ is due. What now?

You will receive an e-mail which notifies you when the SAQs are due. Once you receive this e-mail follow the four step process below:

  1. Check the Status Report:

    The PCI DSS Status report contains all important information about OSU merchants. It is a centrally managed document but we depend on you to keep it up to date. Please verify your credit card merchant information on the OSU: PCI DSS Status Report and provide updates to BusinessAffairsPITCrew@oregonstate.edu.Since this document contains sensitive information it is password protected. If you do not have access and believe you should please contact us at the aforementioned e-mail address.

  2. Complete the SAQ Cover Page:

    Every merchant has to fill out this page and get it signed by the Merchant Manager and the Business Center. Please visit the "How to fill out the SAQ cover page" to find everything you need to fill out the SAQ cover page.

  3. Complete your SAQ:

    Every merchant on campus needs to fill out an SAQ. To learn which SAQ you have to fill out click here. Please visit the "How to fill out my SAQ?" page for OSU-specific instructions on how to fill it out.

  4. Sign and Submit:

    Once the SAQ Cover Page and the SAQ are completed please sign and scan them and then submit them to BusinessAffairsPITCrew@oregonstate.edu.

Need more information?

If you need more information on any of the topics above please visit the "SAQ Supporting Documents" page.