PCI DSS New Self-Assessment Questionnaire (SAQ) Summary
The effective date of the new PCI DSS v1.2 standard was October 1, 2008, and the sunset date of the PCI DSS v1.1 was December 31, 2008. For assessments started after December 31, version 1.2 must be used.
The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are multiple versions of the PCI DSS SAQ to meet various scenarios. This document has been developed to help organizations determine which SAQ best applies to them.
The PCI DSS SAQ is a validation tool for merchants and service providers not required to undergo an on-site data security assessment per the PCI DSS Security assessment Procedures, and may be required by your acquirer or payment brand. Please consult your acquirer or payment brand for details regarding PCI DSS validation requirements.
The PCI DSS SAQ consists of the following components:
- Questions correlating to the PCI DSS requirements, appropriate to service providers and merchants: See "Selecting the SAQ and Attestation that Best Apply to Your Organization" see the Instructions and Guidelines Document.
- Attestation of Compliance: The Attestation is your certification that you are eligible to perform and have performed the appropriate Self-Assessment.
Instructions and Guidelines Document