PCI Compliance

The Payment Card Industry Security Standards Council (PCI SSC) established the Payment Card Industry Data Security Standards (PCI DSS) to help protect consumers' high-risk payment card data. The PCI DSS requires all organizations that process, transmit and store payment card information to comply with a set of data controls, establish IT and physical security measures, and meet policy requirements to mitigate the risk of a security breach or the loss, theft, or abuse of payment card data. All Vanderbilt merchant owners must adhere to the PCI DSS requirements daily and complete the PCI Compliance Recertification Process annually (timeline below).

| Task | Spring Recertification (Due Dates) | Fall Recertification (Due Dates) |
| --- | --- | --- |
| Initial announcement of annual recertification sent. | 2nd week of January | Last week of August |
| Department submits/confirms list of employees for annual PCI training. | 4th week of January | 2nd week of September |
| PCI Compliance Coordinator conducts site visit. | January - February | September - October |
| All employees complete their PCI training. | 1st week of March | 1st week of November |
| Departments complete and submit their SAQs and other requested documentation. | 2nd week of March | 2nd week of November |
| Warning emails sent to departments who missed the deadline. | 3rd week of March | 3rd week of November |
| MID suspension begins until all required trainings and documents are received. | 4th week of March | 1st week of December |