Implementing Advanced PCI Compliance options

Implementing Advanced PCI Compliance options and PCI best practices in iMIS is only one small part of your organization's journey. Completing the questionnaire is your first step toward certification: you then arrange for an Authorized Scanning Vendor to test each of your e-commerce IP addresses for security flaws, and after that you apply for certification. Scanning one IP address, together with help in submitting the questionnaire, can cost about $100.

The Payment Card Industry Self Assessment Questionnaire lets your organization determine if you meet mandated security levels for handling credit card transactions. The bulk of the questionnaire deals with firewalls and with clerical and network procedures. It focuses on the effects of software such as Microsoft Windows and SQL Server, as well as network authorizations and security. It does not apply to the vendors of the software you use, but the design of the software can affect what you must do to stay in compliance. Be sure to follow our guidelines for how to implement iMIS for optimal security.

There are several versions of the Self-Assessment Questionnaire. Consider the following when determining which version applies to your organization:

  • SAQ A-EP:
    • ASI-hosted and iMIS Advanced Accounting Console used only through an ASI terminal server
    • E-commerce only
    • No mail orders; no telephone orders
    • No face-to-face transactions
    • No payment terminals
  • SAQ A:
    • ASI-hosted and iMIS Advanced Accounting Console used only through an ASI terminal server
    • Mail orders or telephone orders allowed
    • No face-to-face transactions
  • SAQ D:
    • Self-hosted on own premises

Note: The SAQ C is not applicable to e-commerce channels.

Credit card information is stored using AES encryption, which complies with the PCI 3.2 guidelines.