Is there an RFP in process to secure a vendor to assist with PCI scanning and compliance for next year?
The System will extend the existing contract one year, through December 31, 2010. This recognizes the need to continue the good work of calendar year 2009 through 2010. Such an approach will be economical in that it builds on contractor knowledge gained throughout 2009 and allows time for variances in institutional compliance approaches to migrate to fewer and generally more economical “best practice” steps. As such the System will be in a much better position to issue an RFP in late summer or early fall of 2010 with a better defined scope based on far fewer compliance variables across institutions. For example, it is expected that a number of institutions will be able to migrate from a SAQ (Self Assessment Questionnaire) D to a SAQ B during calendar year 2010.
Related Questions
- Checking vendor references is a recommended part of a vendor evaluation process in procurement (RFP). Is there a way to quantify reference check results in the final vendor evaluation?
- Where can I go to learn more about the PCI Approved Scanning Vendor (ASV) scanning requirements?
- How secure is the scanning process?
