Denver Water

The buyer is requesting proposals for IT auditing services related to compliance with PCI DSS 4.0.1 requirements. The selected consultant will review the buyer's compliance program, act as Auditor-in-Charge, and involve internal audit staff for training. The engagement aims to assess the buyer's ability to comply with PCI DSS 4.0.1 requirements. The consultant will provide a written report and propose a plan for coaching the internal audit team.

• 10/2/2024 - Pre-proposal Conference
• 10/4/2024 - Requests for Clarification Deadline
• 10/8/2024 - Response to Written Requests
• 10/15/2024 - Proposal Due Date

• Hold Qualified Security Assessor (QSA) certification
• Work for a QSA organization vetted by PCI Security Standards Council

• Review Denver Water's PCI DSS 4.0.1 compliance program
• Act as Auditor-in-Charge for the review
• Involve Denver Water Internal Audit staff for training and coaching
• Assess compliance with PCI DSS 4.0.1 requirements
• Provide written report covering engagement objectives and compliance conclusions
• Propose plan for coaching internal audit team on PCI DSS compliance concepts