Third Party Service Provider Evaluation Checklist

June 1, 2020

Department & TPSP

Information Security Office (ISO)

Office of the Treasurer Merchant Services

Contract Team

Enterprise Technology Compliance

    • Reviews Data Risk Assessment (DRA) pre-screening questionnaire submitted by Department
    • Reviews DRA Intake Form submitted by Department (if required)
    • Approves security of vendor’s system set-up, workflow and transmissions
    • Reviews & approves Attestation of Compliance (AOC) submitted by TPSP
    • Reviews & approves Approved Scanning Vendor (ASV) report and penetration test report for external network, if AOC is not signed by a PCI SSC certified QSA or ISA

    • Mitigates counterparty & financial risk
    • Assists Departments with Merchant ID set up using the Merchant Account User Agreement form
    • Ensures the back-end payment gateway is certified with Wells Fargo Merchant Services
    • Provides merchant services support to Departments

    • Reviews contractual terms to ensure compliance with university policy and legal requirements

Confidential

Stanford University
