Updated PCI DSS Self Assessment Questionnaire (SAQ) version 1.1

Posted on Wednesday, February 06, 2008 by Bryan Johnson

The PCI Security Standards Council released the new 1.1 version of the Self Assessment Questionnaire (SAQ). The SAQ is a validation tool designed to help merchants demonstrate compliance with PCI DSS. With this release, there are are now four unique forms (SAQ A, B, C, D) that are designed to meet the specific needs of various business scenarios. Any SAQ submissions after April 30, 2008 must be completed using the new 1.1 version. Here are the four different versions:

• SAQ A: Addresses requirements applicable to merchants who have outsourced all processing, transmission and storage of cardholder data.
• SAQ B: Created to address requirements pertinent to merchants who process cardholder data via imprint machines or standalone dial-up terminals only.
• SAQ C: Constructed to focus on requirements applicable to merchants whose payment applications systems are connected to the Internet.
• SAQ D: Designed to address requirements relevant to all service providers defined by a payment brand as eligible to complete an SAQ and those merchants who do not fall under the types addressed by SAQ A, B or C.

Here is some other helpful information:

• PCI SSC SAQ Summary: How it All Fits Together - visual representation.
• Instructions for Completing the SAQ - helps determine which SAQ is appropriate for your business.
• Navigating PCI DSS - Additional information about the 'intent' of PCI as well as some helpful guidance.
• Frequently Asked Questions

Here is the entire press release: