Government Contract | North Carolina
Merchant Services Audit

Bid Information

Bid Alert No: 00000597226

Bid Title: Merchant Services Audit

Agency Bid No. Title: 46-16-344

Received Date: 06/10/2016

Close Date: 06/22/2016

Purchase Type: 1 year term

Delivery Point:

Delivery Date: Not Stated

Special Notices: Questions Due By 06/13/2016


Specifications include, but are not limited to:In order for the North Carolina Department of Natural and Cultural Resources to assure uniform compliance with the requirements and standards of the Payment Card Industry (PCI), the engagement of PCI QSA services is needed to implement an ongoing PCI compliance program. 5.2 OBJECTIVES PCI DSS compliance program engagement objectives include: the formation of an ongoing PCI compliance program, a plan for ongoing assessment under PCI DSS guidance, the regular training of employees on PCI regulations and best practices, the routine assessment of processes, and annual penetration testing.5.3 TASKS The Contractor shall: 1. Perform site visits for PCI Compliance and perform the following at each site: A. Annual PCI Compliance Services: i. Onsite Data Security Audits per merchant: Contractor shall conduct Onsite assessments and data security audits for up to 15 merchants. Complex merchants will need a full day. Due to the geographic dislocation of merchants across the state, will work with vendor to coordinate more than one merchant per trip if time allows. ii. PCI DSS 3.1 gap analysis: A PCI 3.1 Gap Analysis is based upon findings from the onsite assessment of merchant environments identifying areas of non-compliance and recommended remediation. An Information Security Analysis report is based upon the findings of the onsite assessment and other communication with merchant environments and others providing support. It provides professional guidance for best practices, assessments of solutions in place and a minimum of 3 recommended compliant solutions for non-compliant merchants. iii. PCI focused penetration test: Perform penetration testing for 50 hosts. iv. Quarterly Scanning and Reports: Quarterly scanning is required to be conducted. Contractor shall run, operate and report on the results of the scanning. v. PCI SAQ D Review and Assistance: SAQ D self-assessments shall require assistance and review by the Contractor

Bid Related Documents

Download Document


Download Amendment

Product Code: 94620

Agency Information

Issuing Agency: North Carolina Department of Natural and Cultural Resources

State: North Carolina

Agency Type: State and Local

Contact: Cynthia Armes, Procurement and Contract Management 109 E. Jones Street, Mail Service Center 4601, Raleigh, North Carolina, 27601

Phone: 919-807-7285




FREE Market Analysis

Get a FREE 90-Day Market Analysis and see the bids you’ve been missing