PCI DSS SAQ C Compliance | Forms | Questionnaires | Self-Assessments | PCI Security Policies
PCI DSS SAQ C – specifically, the actual questionnaire and accompanying forms – are an important component of the PCI DSS “self-assessment” process for many merchants involved in the storing, processing, and/or transmission of cardholder data. PCI DSS SAQ C is specifically geared towards merchants that process cardholder data via payment applications (i.e., point of sale systems) connected to the Internet (i.e., Cable Modem, DSL), but actually do not store any cardholder data.
Requirements for allowing Merchants to use SAQ C for PCI DSS Compliance
Before beginning the process with SAQ C, please confirm the following (according to the actual SAQ C document available at pcisecuritystandards.org):
• You have a payment application system and an Internet connection on the same device and/or same local area network (LAN).
• The payment application | Internet device is not connected to any other systems within your environment (which can be effectively achieved through network segmentation).
• You company store is not connected to other store locations, and any LAN is for a single store only.
• Your company only retains paper reports or paper copies of receipts.
• Your company does not store cardholder data in electronic format, and;
• You company’s payment application vendor uses secure techniques to provide remote support to your payment system.
PCI SAQ C Policies and Procedures Templates for Compliance | Download Today
If you meet the above stated conditions, then self-assessing with PCI SAQ C is allowed, which also requires documented PCI policies and procedures for compliance. Specifically, PCI SAQ C mandates compliance with Requirements 1 – 9 and 11 – 12 (Requirement 10 is omitted). Remember that the actual PCI DSS standards contain twelve (12) “Requirements” (i.e., sections). Additionally, a large part of compliance with SAQ C is the various policies and procedures needed, for which merchants can obtain example PCI security policies right now from pcipolicyportal.com. Just purchase the SAQ C policy and procedure templates, then follow the PCI SAQ Certification process steps as discussed by pcipolicyportal.com. PCI compliance doesn’t have to be a challenging and taxing process, so trust the experts at pcipolicyportal.com for all your PCI security policies.
pcipolicyportal.com also offers policy and procedure writing services, along with PCI policies and procedures for all other SAQ reporting mandates (A, B, C-VT, D, P2PE-HW), including Level 1 onsite assessments by an actual PCI-QSA. Contact us today to learn more and sign up for the pcipolicyportal.com training webinars, free of charge.