11. Payment Card Industry Audit Report
INTERNAL AUDIT REPORT
Information Technology Audit
Payment Card Industry (PCI) QSA Review Results
Self-Assessment Questionnaire D signed July 30, 2020
Issue Date: August 14, 2020
Report No. 2020-12

Executive Summary

The Payment Card Industry (PCI), through banking and card-brand agreements, requires merchants like the Port of Seattle to complete an annual Self-Assessment Questionnaire (SAQ) to verify to the Port's merchant bank (acquirer) that the Port's security controls over credit card data processing meet the PCI requirements. The PCI Standards Council cybersecurity requirements are periodically updated and are prescriptive in nature. The PCI Data Security Standard (DSS) Self-Assessment Questionnaire (SAQ) D, which the Port is required to comply with, contains over 250 specific security questions.

The PCI assessment was performed for the reporting year 2020 by an external party, MegaplanIT, L.L.C., with the assistance of Information & Communication Technology, Information Security, and Aviation Maintenance. To complete their assessment, MegaplanIT used the PCI DSS SAQ D and the Attestation of Compliance for Merchants. This firm has performed the assessment for the last three years; however, Internal Audit will perform the assessment for the 2021 reporting year.

The 2020 review was completed and signed by Dan Thomas, Chief Financial Officer, on July 30, 2020 and was noted to be "Compliant: All sections of the PCI DSS SAQ are complete, all questions answered affirmatively, resulting in an overall COMPLIANT rating; thereby Port of Seattle has demonstrated full compliance with the PCI DSS."

The Port has been performing PCI reviews for over 10 years, and this is the first year the Port has obtained a compliant result. Previous non-compliant years had seen a steady reduction in identified issues.

Glenn Fernandes, CPA
Director, Internal Audit

Responsible Management Team
Dan Thomas, Chief Financial Officer
Matt Breed, Chief Information Officer
Ron Jimerson, Director of Information Security
Stephanie Warren, Manager of Information Security