He Contractor will be required to provide Compliance advisory Service offering expert guidance on PCI DSS (Payment Card Industry Data Security Standard) requirements ensuring adherence to industry standards for payment card security. Services to provided may include, among others to be defined during the contract, the following: PCI DSS AUDIT AND COMPLIANCE SERVICES Define Cardholder Data Environment; provide PCI DSS Self-Assessment Questionnaire training. Conduct Interviews of key stakeholders, process owners, and support personnel to gain the required understanding of current Cardholder Data Environment (CDE) and perform PCI validation against various CDE Components and infrastructure. Provide Qualified Security Assessor (QSA) services to assess the City’s systems and processes for PCI DSS Compliance. Support the Finance Department in the preparation for and successful completion of the annual PCI certification assessment, audits, and in ensuring continuous compliance, Identify risks that may lead to non-compliance with PCI DSS requirements. Provide PCI DSS onsite audits resulting in an Attested Self-Assessment Questionnaire (SAQ) Provide review of security policies related to PCI DSS Compliance. Document steps needed to remediate any gaps in compliance. Provide consulting and advisory services for the development and implementation of PCI environments, applications, and services. Design supplemental PCI DSS training materials such as videos, presentations, learning portal content, or written documentation, Provide onsite and/or remote PCI training. Develop templates and tools to aid in future certification efforts. Provide PCI Portal for compliance tracking, audit documentation gathering, remediation management and reporting, Designate a liaison to serve as point of contact between the Finance Department and the Contractor. The terms of the proposed contract will include a three (3) year base period and two (2) twelve-month option periods. The services will be performed at the Contractor’s site but will require visits to the City of Berkeley, Finance Department. Critical dates for the project – Annual PCI DSS Audit. The Department of Finance will provide conference room space and desktops to be used to conduct the Audits. The Contractor will provide a detailed cost estimate for all services listed above.
