Every merchant at the University of Ottawa is required to follow instructions issued by the PCI DSS Compliance Office in terms of completing an annual self-assessment questionnaire (SAQ), which is a validation tool used by eligible organizations or merchants to self-assess their PCI DSS compliance. Different SAQs are available for various business environments.
The University of Ottawa has retained the services of a qualified security assessor (QSA), who is a cybersecurity expert, to support us in our efforts to complete these assessments, identify vulnerabilities, conduct randomized sampling audits, review our policies, and meet current industry standards. A QSA is qualified by the PCI Security Standards Council to perform PCI DSS assessments.
The PCI Compliance Office (PCO) reserves the right to conduct periodic inspections, both announced and unannounced, of our devices as part of the University’s compliance requirements.