Frequently Asked Question
Why are there multiple PCI DSS Self-assessment Questionnaires (SAQs)?
The PCI Data Security Standard Self-assessment Questionnaire (SAQ) is a validation tool to assist merchants and service providers in demonstrating their compliance with the PCI Data Security Standard (PCI DSS) through a self- assessment, as permitted by the payment brands.
There are multiple versions of the SAQ to meet various scenarios, depending on how your organization stores, processes, or transmits cardholder data. For more information on how to complete the SAQ, please refer to the “Self-Assessment Questionnaire Instructions and Guidelines”, available in the Document Library.
Merchants should also consult with their acquirer (merchant bank) or the payment brands directly to determine if they are eligible or required to submit an SAQ, and if so, which SAQ is appropriate for their environment.
Featured FAQ Articles
Most Recently Updated
Is a QSA Employee that designs, develops, or implements specific controls for a customer also permitted to assess those same controls?
What impact does the inclusion of UnionPay in PCI DSS documents have on an entity’s PCI DSS assessment?
Can a PFI Company perform subsequent PFI investigations for the same entity?