The PCI DSS Self-Assessment Questionnaire (SAQ) is a validation tool for merchants and service providers that are not required to undergo an on-site data security assessment per the PCI DSS Security Assessment Procedures. The purpose of the SAQ is to assist organizations in self-evaluating compliance with the PCI DSS, and you may be required to share it with your acquiring bank. Please consult your acquirer for details regarding your particular PCI DSS validation requirements.
There are multiple versions of the PCI DSS SAQ to meet various business scenarios. A chart to help you determine which SAQ best applies to you and how to complete the SAQ is linked below, and is also included in the Instructions and Guidelines Document.
A "SAQ" of "Self Assessment Questionnaire" is the questionnaire required by the payment associations of Visa®, MasterCard®, Discover® Network and American Express® which assist merchants in becoming compliance with the PCI DSS. According to the Associations, all merchants and service providers are required to comply with the PCI Data Security Standard in its entirety. There are five SAQ Validation categories, shown briefly in the table below and described in more detail in the following paragraphs.