Self-Assessment Questionnaire

PCI DSS New Self-Assessment Questionnaire (SAQ) Summary

SAQ Overview

The effective date of the new PCI DSS v1.2 standard was October 1, 2008, and the sunset date of PCI DSS v1.1 was December 31, 2008. For assessments started after December 31, version 1.2 must be used.

The PCI Data Security Standard Self-Assessment Questionnaire is a validation tool intended to assist merchants and service providers in self-evaluating their compliance with the Payment Card Industry Data Security Standard (PCI DSS). There are multiple versions of the PCI DSS SAQ to meet various scenarios. This document has been developed to help organizations determine which SAQ best applies to them.

The PCI DSS SAQ is a validation tool for merchants and service providers that are not required to undergo an on-site data security assessment per the PCI DSS Security Assessment Procedures. It may be required by your acquirer or payment brand. Please consult your acquirer or payment brand for details regarding PCI DSS validation requirements.

The PCI DSS SAQ consists of the following components:

  1. Questions correlating to the PCI DSS requirements, appropriate to service providers and merchants: See "Selecting the SAQ and Attestation that Best Apply to Your Organization" in the Instructions and Guidelines Document.
  2. Attestation of Compliance: The Attestation is your certification that you are eligible to perform and have performed the appropriate Self-Assessment.

PCI Data Security Standard Self-Assessment: How it All Fits Together

Access the SAQs

Instructions and Guidelines Document

English: pdf

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.