The PCI DSS SAQ documents, also commonly known as the Self-Assessment Questionnaires (SAQ), are essentially the reporting requirements for merchants and service providers that do NOT have to undergo an annual Level 1 onsite assessment by a licensed Payment Card Industry Qualified Security Assessor (PCI-QSA). The good news is that the vast majority of businesses that store, process, and/or transmit cardholder data can “self-assess” against the actual PCI DSS standards. The challenge, however, is actually meeting the requirements set forth in each of the following SAQ reporting mandates:
• SAQ A for Merchants (Card-not-present merchants, with all Cardholder Data functions being outsourced).
• SAQ B for Merchants (Merchants with only imprint machines, or only stand-alone, dial-out terminals, with NO electronic cardholder data storage).
• SAQ C for Merchants (Merchants with payment application systems connected to the Internet, but with NO electronic Cardholder Data storage).
• SAQ C-VT for Merchants (Merchants using web-based virtual terminals, with NO electronic Cardholder Data storage).
• SAQ D for Merchants and Service Providers (for all other Merchants not included in the descriptions for SAQ A – C-VT, and for ALL service providers defined by a payment brand as being eligible to complete a Self-Assessment Questionnaire (SAQ) and the accompanying Attestation of Compliance (AOC)).
• SAQ P2PE-HW for Merchants (Merchants using only hardware payment terminals included in a PCI SSC-listed, validated P2PE solution, with NO electronic cardholder data storage).
Sample PCI Templates for SAQ A – D, P2PE-HW | Order and Download Today | Free PCI Webinars
Additionally, the SAQ process is a two-part process: first adhering to all the requirements of the Self-Assessment Questionnaire an organization must comply with, and then actually completing the applicable Attestation of Compliance (AoC). What merchants and service providers find that they need are policies and procedures, such as the sample PCI DSS information security compliance policies and procedures templates offered by pcipolicyportal.com. We’ve essentially taken each of the above SAQ reporting platforms (SAQ A – D, P2PE-HW) and developed PCI policies and procedures specific to each of them, providing you with exactly what’s needed to meet the policy requirements for PCI. It’s yet another reason why pcipolicyportal.com is the undisputed leader in offering sample PCI DSS information security compliance policies and procedures templates. Learn more about our policy and procedure writing services, the PCI certification process for the Self-Assessment Questionnaires (SAQ A – D), and the importance of sample PCI templates for compliance. Additionally, join us for free PCI training webinars to learn more about compliance with the Payment Card Industry Data Security Standards (PCI DSS).