Specifications include, but are not limited to:
Vendor shall provide Qualified Security Assessor services available to all State Agencies.
The Vendor must be in good standing with the PCI Security Standards Council (PCI SSC) as a Qualified Security
Assessor (QSA) for the contract term. The Contract, at the State’s discretion may be terminated immediately if
the Vendor has been removed from the PCI SSC listing of QSA companies or is placed on remediation status.
The QSA Company and assessor employee must submit to the State annually evidence that the QSA Company
and employee have received their annual re-qualification.
The Vendor’s employees and its servers must be located within the United States.
The Vendor must be a PCI SSC qualified QSA Company and have at least two (2) qualified QSA employees.