Live now: Board of Curators meeting

UM System

Merchant Manual Instructions

SAQ A merchant manual

Section 1 – Departmental Merchant Agreement

Section 2 – Annual PCI Self-Assessment Questionnaire

Section 3 – Cardholder Data Flow Diagram

Section 4 – Department Policies and Procedures and Annual Policy Acknowledgment

Section 5 – Third-Party Service Providers Documentation

Section 6 - PAN Scan Results

Section 7 – Training log

 

SAQ A Merchant Manual Yearly Upkeep Steps
  1. Review your policies and procedures annually and indicate the review took place on your "Revision History" of your policies.
  2. Distribute the new policies to your staff and have them complete the Annual Policy Acknowledgement.
  3. Complete and sign the SAQ A annually.
  4. Make sure 3rd party documentation is updated annually.
  5. Make sure to have a new PAN scan performed annually. 
  6. Enroll staff, complete the annual online security training, and update your training log.

 

SAQ B merchant manual

Section 1 – Departmental Merchant Agreement

Section 2 – Annual PCI Self-Assessment Questionnaire

Section 3 – Cardholder Data Flow Diagram (use the data flow from the Operational policies and procedures)

Section 4 – Department Policies and Procedures and Annual Policy Acknowledgment

Section 5 – Third-Party Service Providers Documentation

Section 6 – PAN Scan Results

Section 7 – Terminal Security Section

              Capture Device Inventory Log

              Cellular Terminal Log

              Capture Device Periodic Inspection Procedures

              Capture Device Periodic Inspection Log

              Skimming/Tampering Training

Section 8 – Training log

 

SAQ B Merchant Manual Yearly Upkeep Steps
  1. Review your policies and procedures annually and indicate the review took place on your "Revision History" of your policies.
  2. Distribute the new policies to your staff and have them complete the Annual Policy Acknowledgement.
  3. Complete and sign the SAQ B annually.
  4. Make sure your 3rd party documentation is updated annually.
  5. Make sure to have a new PAN scan performed annually.
  6. Enroll staff, complete the annual online security training, and update your training log.
  7. Perform your periodic physical inspections of your terminal(s).
 
P2PE merchant manual

Section 1 – Departmental Merchant Agreement

Section 2 – Annual PCI Self-Assessment Questionnaire

Section 3 – Cardholder Data Flow Diagram (use the data flow from the Operational policies and procedures)

Section 4 – Department Policies and Procedures and Annual Policy Acknowledgment

Section 5 – Third-Party Service Providers Documentation

Section 6 – PAN Scan Results

Section 7 – Terminal Security Section

              Capture Device Inventory Log

              Cellular Terminal Log

              Capture Device Periodic Inspection Procedures

              Capture Device Periodic Inspection Log

              Skimming/Tampering Training

Section 9 – Training log

Section 10 - PIM (P2PE Installation Manual)

 

SAQ P2PE Merchant Manual Yearly Upkeep Steps
  1. Review your policies and procedures annually and indicate the review took place on your "Revision History" of your policies.
  2. Distribute the new policies to your staff and have them complete the Annual Policy Acknowledgement.
  3. Complete and sign the SAQ P2PE annually.
  4. Make sure your 3rd party documentation is updated annually.
  5. Make sure to have a new PAN scan performed annually.
  6. Enroll staff, complete the annual online security training, and update your training log.
  7. Perform your periodic physical inspections of your terminal(s).
  8. Review your PIM (P2PE Installation Manual) annually to ensure it is up to date.

Reviewed 2024-07-10