Campus-wide compliance at any university.

Get key insights from our team of PCI experts
Pass your PCI audit on schedule
Get compliance support for every merchant
From the registrar's office to bookstores, food vendors, and to every other merchant on your campus, SecurityMetrics will make sure your entire organization is scoped correctly and prepared for every step of your PCI compliance journey.
Dedicated guidance throughout the entire process
No matter your size or needs, our responsive QSAs offer expertise you can count on before, during, and after your assessment. We never overbook our assessors and ensure that you have access to the right help 24/7.
A simplified PCI process
Campuses have unique needs, from a broad number of merchants to high turnover of employees and personnel, so we’ve made our PCI process easy to learn and simple to manage. Our ongoing trainings and evidence tracking tools will make everything more manageable.
PCI Assessment Timeline Steps
01 Gap analysis
During this phase, a knowledgeable SecurityMetrics QSA will complete an initial gap analysis of your university's compliance status to determine how prepared you are for your assessment. After the gap analysis is completed, feedback and remediation checklist items will be shared with you in our online project management tool.
02 PCI validation assessment
Next, your QSA will either work with you remotely to collect evidence or make an in-person visit to your location to assess your compliance with the PCI DSS. Your SecurityMetrics audit coordinator will always make sure you meet deadlines by moving your assessment along in a timely manner.
03 Remediation and retesting
At this stage, SecurityMetrics QSAs will help you evaluate your assessment and work with you to fix areas of non-compliance, expediting the retesting process to ensure a timely assessment.
04 Submission
After remediation and retesting, SecurityMetrics will submit your Attestation of Compliance (AOC) and Report on Compliance (ROC) to any required parties, such as the card brand or merchant bank.

SecurityMetrics QSAs have performed 2000+ audits, mastering the audit process
Additional SecurityMetrics higher education products and solutions
Find the right support for your organization
HIPAA Solutions
HIPAA compliance absorbs time, personnel, and other valuable resources from your organization. SecurityMetrics provides comprehensive security services as a timely, accurate, and headache-free solution for HIPAA security.
Ecommerce Solutions
SecurityMetrics offers Shopping Cart Monitor and Shopping Cart Inspect to detect a breach on university payment checkout pages.
Penetration Testing
SecurityMetrics' award-winning penetration testers use ethical hacking methodologies to protect your organization, identify your vulnerabilities, and minimize your risk against the most current threats.
Workforce Training
SecurityMetrics training courses address many compliance and security requirements, allowing you to customize training to your staff needs.
Threat Intelligence
SecurityMetrics Pulse lightens your workload by detecting compromises at physical locations.
Cybersecurity Services
Secure your peace of mind by partnering with an authority on data and network security for universities. Whether you're looking for assistance with PCI compliance, forensic investigations, or a complete network vulnerability assessment, we can help.
Learn more about universities and higher education solutions
PCI DSS Compliance FAQs
How much time does a PCI assessment take?
If you involve a third-party QSA, this likely means you have a more complex environment or more transactions.
If it’s your first time receiving a PCI audit, you are likely looking at a three-month to a year-long process, depending on readiness. This is due to the discovery process and the significant change it presents to your environment.
There are also customers who have tight deadlines and who are willing to do the hard work of preparation and may be closer to the three-month mark.
How can I increase my likelihood of passing my PCI DSS assessment?
To pass your audit, you need your vulnerability scanning requirements in hand: four quarterly scans, each of which meets compliance requirements. Your audit is done to help you continuously get quarterly passing scans. Make sure you are using an approved scanning vendor for your scans, and follow up quickly if you fail a scan.
What is an SAQ for PCI validation?
SAQ stands for self-assessment questionnaire. Depending on an organization’s card transaction volume and the types of transactions it performs, it may be able to use an SAQ to self-evaluate its compliance with the PCI Data Security Standard.
SAQs contain questions about card data security. SAQs range in size from 22 questions (SAQ A) to 329 questions (SAQ D).
How much does a PCI assessment cost?
A PCI assessment can range widely in cost. On the low end, a PCI audit can cost 16-18K. Audits can also cost tens to hundreds of thousands of dollars depending on how many locations you have, how many parties need to be audited, how complex your network is, and so forth.
Even a short call with a SecurityMetrics representative can give you a more accurate estimate of what a PCI audit would cost you.
Does my payment solution make me PCI compliant?
No, PCI compliance is more than the technology you use to process payments. Validating compliance shows that your business handles payment card data safely, in all scenarios. No matter what solution you choose to process payments, whether online or in person, you will still need to validate compliance, even if you use point-to-point encryption. In short, the responsibility is on you to validate that your business handles payment data safely by following the PCI standard.