Annual SAQ Process

Annual SAQ process

To stay PCI compliant, Mount Royal University is required to undergo an annual Self Assessment Questionnaire process. The following flowchart summarizes this annual SAQ process.

PCI_Annual_SAQ

For more information about a step in the flowchart, click on the corresponding link below.

The PCI Working Committee identifies any changes to the PCI DSS that will effect this years submission.

The IT Web Applications team updates the PCI database with any changes identified by the PCI Working Committee.

The Commerce Group is notified they are to begin the annual SAQ process.

Business units are contacted and asked to review and update the Visio and Word versions of the As Is processes and their cash handling procedures.

The Commerce Coordinator meets with each BU and the IT Security & Compliance Analyst to review any changes and remediate where required.

The database is updated with the remediated changes. The database then generates BU specific SAQ assessments. These assessments are then sent out to the BUs.

The Commerce Coordinator obtains a signoff from each BU that the information in the completed SAQ assessment is accurate and matches their current procedures as well as the current PCI DSS version.
All documents are consolidated and the SAQ-D is completed and presented to the PCI Working & Steering Committees.
The SAQ is stored and copies are emailed to the acquirer.