Oct 2, 2020 10:15 am
ActivityAD2650 Payment Card Security
Records Series

31 - PCI DSS Compliance Files

OPRFinancial Services
DescriptionRecords consists of PIN pad inspection logs, PCI staff logs, declaration documents, Self-Assessment Questionnaires (SAQ), Attestations of Compliance (AOC), workflow diagrams, network diagrams, Approved Scanning Vendor (ASV) results, internal and external audit records, device and equipment inventories, user account and access rights management, reviews of third-party service providers, and annual PCI compliance submissions.
Retention TriggerCY
Total Retention 3 years
Final ActionD
Disposition Plan
Retention Rationale
Retention based on anticipated operational use.
Vital Records

This schedule applies to official records in all media. Convenience or duplicate copies of official records are considered transitory and should not be kept longer than necessary, and in no event longer than the official copy.


  • AR = Transfer to Archives
  • AY = End of Academic Year
  • CO = Continuous OVerwrite
  • CY = End of Calendar Year
  • D = Destroy / Delete
  • DP = Special Disposition Plan
  • FY = End of Fiscal Year
  • OPR = Office of Primary Responsibility
  • PIB = Personal Information Bank

Printed on Wednesday, May 22 2024