Specifications include, but are not limited to: The provision of payment card and automated clearing house (ACH) origination merchant services via a variety of web portals, internal- facing virtual terminals, interactive voice response systems, and point of sale payment processing terminals. Proposers must provide the requested materials, documentation and sample reporting regarding the use and functionality of any included service or application; or links where the material will be available for access at the discretion of the county. 1) A detailed framework for managing and mitigating complexities related to PCI compliance; and or indicate the tools and training that can be made available to county staff to assist the county in maintaining PCI compliance including a. Recommending and evaluating PCI assessors b. Providing liaison between the County of Solano and the assessors as needed. c. Assisting the County of Solano in drafting an overall plan to achieve compliance. d. Recommending specific practices that would achieve compliance. e. Participating in the PCI-related meetings and conference calls, as necessary, as an advocate for the County of Solano. 2) Copies of all relevant System & Organization Controls (SOC) Reporting, including Audited Financials, SOC 1, SOC 2, SOC 3, SOC Cybersecurity, and SOC Supply Chain audit reports. 3) A detailed framework and description of available tools for secure payment integration into existing and envisioned county applications. E.G. property taxes are payable using an online web portal maintained by the county. The ideal response will include the specification of a dedicated specialist(s) who can work with the county and any third-party vendor providing service to the county to establish the necessary communication and encryption protocols to allow for secure payment processing.
