Applicability: University of Washington
Standard Title: Policy Exemptions
PDF Version: oms-guidance-exemption-requests.pdf
Purpose
The purpose of this guidance is to document the process to request an exemption to any Office of Merchant Services (OMS) policies, procedures or standards.
Scope
This guidance applies to all UW Merchants.
Exemption Process
There are no exemptions to PCI Compliance. The University is contractually obligated to be PCI Compliant. Merchants may ask for an exemption to an OMS policy, procedure, or standard; but must prove in doing so they remain PCI Compliant.
Merchants requesting an exemption will complete the Exemption Request form linked below and return to pcihelp@uw.edu. Exemptions to OMS policies, procedures or standards must be approved by the Director or Assistant Director.
All exemptions are reviewed on a case-by-case basis and expire after one year to ensure the exemption is reviewed annually for validity and necessity.
A merchant who wishes to receive an exemption, may be required for the first year to cover the cost of a full attestation through the University’s Qualified Security Assessor. After the first year, provided the merchant passes attestation, OMS staff will conduct follow up reviews. Any merchant found not in compliance after this full attestation must become compliant within 90 days.
Links
- Exemption Request Form: oms-form-exemption-request.docx
Administrative Information
Version: 1.0
Superseded Standards: None
Date Established: Mar 31, 2021
Date Effective: Mar 31, 2021
Next Review Date: Mar 31, 2022
Approved by: Kevin Doar – Director, Office of Merchant Services
Contact: Office of Merchant Services – pcihelp@uw.edu