It's National Retirement Security Month! A stress-free retirement in the future begins with smart savings and investments. Don't delay, start planning now! More Info logo

Colleen C. Davis
State Treasurer

Resources for State Agencies – PCI-DSS

A credit card secured with a lock


Credit Card Payment Security Requirements (PCI-DSS)

State Agencies that accept credit, debit, ACH, or other electronic payments must complete an annual payment security review.  These security requirements are known as Payment Card Industry Data Security Standards (PCI-DSS).  Agencies will be responsible for ongoing training, policy development and practice, and completion of a Self-Assessment Questionnaire (SAQ) each year.

There are 9 different SAQs.  Your merchant type, and the methods in which you handle, transmit, and store data will determine which is the right SAQ for your Agency.  OST will work with you to determine the appropriate SAQ type and will then make it available to you through CampusGuard’s online portal.

To get started, Agencies will need to do the following:

  1. Complete your Merchant Survey
  2. Submit the above survey to
  3. OST will review the survey, then contact you to establish a discovery call and guide you through the remaining steps of the process

Treasury staff will assist Delaware Agencies in this endeavor, in partnership with the Department of Technology and Information (DTI) and our contracted data security vendor, Campus Guard.  By working together, we can proactively protect and secure our payment systems.


Contact Information for PCI-DSS

State of Delaware PCI-DSS Services

Office of the State Treasurer

Lisa Embert

Chief Operating Officer

820 Silver Lake Blvd., Suite 100

Dover, DE 19904

Qualified Security Accessor


CampusGuard Data Security

Brent Hobby

Security Advisor

(865) 236-1007

PCI DSS Annual Self Attestation Questionnaire Portal –


Helpful Resources