The UC‑wide RSI Security PCI DSS Agreement, executed November 24, 2025, establishes a systemwide framework to help UC locations meet mandatory Payment Card Industry Data Security Standard (PCI DSS) compliance requirements imposed by UC’s merchant banks. Under this agreement, RSI serves as a Qualified Security Assessor (QSA), providing expert advisory, assessment, and audit support to ensure UC payment environments align with industry security standards and pass annual PCI certification reviews.
The agreement is designed to reduce institutional risk, streamline compliance efforts, and improve audit readiness by offering UC campuses access to standardized, expert‑led PCI DSS services including compliance assessments, remediation tracking, scanning services, and staff training through a competitively awarded, best‑value procurement vehicle that is open to all UC campuses, health systems, the Office of the President, and affiliates.
The RSI Agreement is available UC-wide to 10 campuses, 6 health centers, and the Lawrence Berkeley and Lawrence Livermore National Laboratories.
CalUsource contract: #2025004757
Supplier Contact:
John Shin | Managing Director
Agreement Benefits and Details
This agreement provides all UC Campuses, Health Systems, the Office of the President, and affiliates with access to Qualified Security Assessor (QSA)–led PCI DSS services, ensuring consistent, expert guidance across the UC system for meeting mandatory payment card security requirements.
Reduced Compliance Risk and Audit Burden
By centralizing PCI DSS advisory, assessment, and annual certification support under a competitively awarded agreement, campuses can lower institutional risk, improve audit readiness, and reduce the operational effort typically required to manage PCI compliance independently.
Standardized and Comprehensive Services
Campuses benefit from a defined scope of services that includes PCI compliance assessments, remediation tracking, Approved Scanning Vendor (ASV) services, audit documentation support, and PCI training and awareness—delivered through a single, UC approved framework.
Flexible, Campus-specific Engagement Model
While the agreement is UC-wide, each campus negotiates its own Statement of Work, allowing services, timelines, and resources to be tailored to local environments while still leveraging systemwide terms and protections.
Best Value Pricing and Predictable Cost Structure
The agreement was awarded through a competitive RFP using a best value methodology, with fixed pricing for the initial term and capped renewal increases for cost predictability.
Simplified Procurement and Faster Onboarding
Campuses can engage RSI without conducting a separate RFP solicitation, significantly shortening procurement timelines and accelerating access to required PCI compliance services.
Support for UC Economic Development Goals
The awarded supplier is a certified small business, directly supporting UC’s systemwide objectives while meeting critical security and compliance need.
RFP Team
Time Adegbit, Melissa Cunningham (UCB) | Francisco Guerrero, Wesley Burke (UCD) | Lindsay Carroll, Nick Troup (UCI) | Allen Shui, Fenny Cole (UCLA) | Christie Harvey (UCM) | Brenda Graciano, Rachel Francisco (UCOP) | Edward Medina (UCR) | Mary Lee (UCSB) | Scott Morley (UCSC) | Achraf Adenane, Tejal Butani (UCSD) | Sean Patterson, Lourie Close (UCSF).
Questions?
Bala Balakumar | IT Category Manager | UC Systemwide Procurement