Specifications include, but are not limited to: The West Virginia State Treasurer's Office (WVSTO) has a payment processing infrastructure that is subject to Payment Card Industry (“PCI”) requirements. Additionally, the WVSTO manages the merchant services contract for the State and provides a gateway for approximately seventy (70) West Virginia agencies which have a variety of methods for collecting payments, including various online and point-of-sale methods. The WVSTO estimates that sixty (60) agencies process less than 10,000 transactions per year with several processing less than 100 transactions per year. However, there are a few agencies that process approximately 100,000 transactions per year. Currently, the WVSTO is attesting to PCI DSS SAQ D, Merchant Level 3. PCI compliance for the WVSTO is managed by an internal PCI Compliance Group (which includes a PCI Internal Security Assessor (ISA)). The WVSTO is currently compliant with PCI DSS SAQ D for merchants, Version 3.2, which was filed June 2018. The intent of this solicitation is to contain two components for consideration: (1) a one-time assessment of the efforts of the PCI Internal Compliance Group of the WVSTO, and (2) ongoing ad hoc consultations for other agencies.