The Port Authority of New York and New Jersey is requesting the services of a qualified PCI information security and compliance services firm to conduct PCI compliance assessments that will accurately evaluate payment / credit card security processes, processes that can impact the security of the Cardholder Data Environment, and controls consistent with applicable PCI Data Security Standards (DSS) requirements and testing procedures; with a Gap Analysis and recommendations for meeting the gaps identified; assist with recommending corrections and/or compensating controls to address all discovered areas of non-compliance and control weaknesses during the assessment; certify compliance with 4.0 PCI DSS, and complete delivery of necessary documents including an Attestation of Compliance and Report on Compliance (ROC). The Port Authority (PA) requires an annual organizationwide Attestation of Compliance (AOC) to be filed with its merchant bank and/or made available to organizations where the PA is a third-party service provider. The Proposer will conduct assessments of different payment channels using the applicable Self-Assessment Questionnaire (SAQ) to provide the PA its PCI DSS certification Attestation of Compliance for Merchant Bank, an Attestation of Compliance (AOC) for Service Provider, an Initial Report on Compliance (internal ROC), and a final ROC. The Proposer will provide subject matter expertise to determine the applicable SAQ for each PA payment channel, provide guidance to the Agency’s internal PCI compliance team for assessment planning, and make available necessary documentation to satisfy PCI reporting requirements.
