The GBiz income collection section of Suffolk County Council website complies with PCI DSS requirements. Suffolk County Council is not a 3rd Party organisation for maintained school/PRUs as their accounts are held within SCC accounts.
Where parents use the SCC website for paying school dinner monies (through EATS/EFMS or direct with SCC):
- the school needs to complete Section B of the Certificate of PCI DSS Compliance and list SCC as a 3rd Party (so that the Schools’ Accountancy Team and Audit are aware of this activity)
- the school does not need to obtain an Attestation of Compliance.
Schools will need to obtain Attestations for any other 3rd Party organisations that are also used e.g. ParentPay