HomeMy WebLinkAboutAudit Reports - Public - Payment Card Industry's Data Security Standards (PCI DSS) - Audit Follow-up - 9/17/2018
Date: September 17, 2018
To: Kevin R. Phelps, City Manager
From: Candace MacLeod, City Auditor
Subject: Audit Follow-up: PCI DSS
In June 2016, the City Auditor’s Office completed an assessment of the City’s efforts to
protect customers’ credit card information, as required by the Payment Card Industry’s
Data Security Standards (PCI DSS). Audit follow-ups were conducted in March 2017 and
September 2017, after which one of the audit recommendations remained open
relating to establishing a contract for screening services. This item was addressed when
the City entered into a screening services agreement in FY18.
Please contact me if you have any questions.
Attachment
cc: Michael D. Bailey, City Attorney
Jim Brown, Director of Human Resources and Risk Management
Lisette Camacho, Assistant Director of Budget and Finance
Tom Duensing, Assistant City Manager
Jack Friedline, Assistant City Manager
Vicki Rios, Director of Budget and Finance
_____________________________________________________________________________________
City Auditor’s Office 1 PCI DSS Audit Follow-up
Recommendation
Management Response
September 2017
Management Response
September 2018 Status
4.1 HR work in
conjunction with
Materials
Management to
ensure background
screening services
comply with City
procurement policies
and incorporate
safeguards to
protect PII.
In Process. The original
contract was provided
by GIS and is currently
being re-written. The
estimated completion
date is November 30,
2017.
Contract C18-0062 was
signed with GIS for
screening services on
December 27, 2017.
Closed