Merchants and service providers not required to have a third-party assessment must submit a Self-Assessment Questionnaire (SAQ). This is a validation tool to assist in self-evaluating compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are multiple versions of the SAQ to meet various scenarios. Merchants should consult their acquirer or payment brand to determine whether they qualify for a self-assessment and which version is appropriate. (PCI SAQ guidelines)
Meeting the Guidelines
The answers you provide on the SAQ are serious claims about your organization’s security capabilities. In the event of a security breach or loss of data, you will be held accountable for these claims. When in doubt, get help rather than assuming or guessing.
Qualified Security Assessors (QSAs) from KalioTek assist merchants and service providers who qualify to submit the SAQ but lack the security expertise to respond to the requirement questions. In addition to being QSA-certified, our consultants have years of operational IT and data center expertise to draw on when advising our clients. Assistance can take the following forms:
- Help the merchant with each of the twelve PCI DSS requirements
- Offer clarification on some of the more technical requirements
- Utilize QSA expertise to facilitate the merchant’s path to PCI DSS compliance
- Identify needed remediation projects to meet PCI DSS compliance