Regulatory Compliance, Governance and Security:

PCI self assessment questionnaires (SAQ)

Feb 9 2009   2:04AM GMT

PCI Compliance Strategic Plan | How to Become Compliant | PCI DSS



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), qualified security assessor (QSA), PCI self assessment questionnaires (SAQ), pci merchant, service provider, third party processor, PCI Compliance strategic plan.

Need to be Payment Card Industry (PCI) compliant in 2009? Are you a Merchant, Service Provider, Third Party Processor or some other Third Party outsourcing entity involved in the processing, storing, or transmitting of payment and credit card data? If so, listen up, because you need to develop a PCI compliance strategic plan that fits your organization. How so? By following these simple steps.

1. First and foremost, you need to find out exactly what level you fall under for purposes of PCI compliance. Take a quick look at these charts for finding out your transaction volume. When you’ve identified your level, then find out what is required of you.

2. If you need an actual onsite PCI DSS assessment by a Qualified Security Assessor (QSA), then it's time to roll up your sleeves and find one. If you can self-assess with a Self-Assessment Questionnaire, known as the “SAQ”, then you may still need some guidance from a QSA; it all depends on your comfort level and how much you can accomplish on your own.

3. Good luck. Remember, if you get into a jam, a QSA can always help with your PCI Compliance strategic plan.

Feb 8 2009   3:11PM GMT

PCI Security Standards | Learn How to Become PCI Compliant



Posted by: Charles Denyer
payment card industry data security standards (PCI DSS), qualified security assessor (QSA), pci dss v1.2, PCI self assessment questionnaires (SAQ), cardholder data, pci security standards

Payment Card Industry (PCI) compliance is becoming a force to reckon with, to say the least. It seems as if every possible and conceivable industry in the country is being affected by PCI compliance, either directly or indirectly. What’s important to note about PCI compliance is that it primarily affects merchants, service providers, third party processors, and other third party outsourcing entities that are involved in the storage, transmission, or processing of cardholder and payment data.

Before you jump off a bridge because of the costs and time involved with PCI compliance, take a deep breath and look at it in a practical manner. The PCI security standards, officially known as the Payment Card Industry Data Security Standards (PCI DSS v1.2), illustrate exactly what needs to be accomplished and validated for PCI compliance if you have to have an onsite PCI assessment. If you don't, and you can essentially “self assess”, then you can simply obtain the “self assessment” questionnaires.

So how do you know if you need an onsite PCI assessment done by a QSA or a “self assessment questionnaire”? Well, find your transaction volume for processing credit cards, and that will give you the answer.

Once you've done that, you will be on your way to clearly understanding what needs to be done for purposes of PCI compliance.

To learn more about PCI compliance, the onsite PCI assessments and the different PCI “self assessment questionnaires”, contact me directly and I will assist you in any way I can.