The Self-Assessment Questionnaire is a form that Merchants may be required to complete every year and submit to their Acquiring Bank. It was created by the PCI Council. Completing a Self-Assessment Questionnaire helps Merchants do two things:
• Check their Compliance, by finding out for themselves if they are in compliance with the Data Security Standard; and
• Complete part of their Validation, but giving others, such as their Acquiring Bank, evidence that they are in Compliance with the PCI Data Security Standard.
As of February 2008, there is no longer a single ‘one size fits all’ Self-Assessment Questionnaire. Merchants now need to identify which of 5 ‘Validation Type’ categories they fit into, and then complete the appropriate Self-Assessment Questionnaire for their category. For some Merchants, the appropriate Self-Assessment Questionnaire is short and simple, while for other merchants the appropriate Self-Assessment Questionnaire is long and extremely technical. Note that for all versions of the Self-Assessment Questionnaire, Merchants will only pass if they pass (or be able to say ‘Not Applicable’ to) ALL of the questions in the Questionnaire.
This web site gives Merchants access to free tools and services that make it much easier for them to identify the Self-Assessment Questionnaire that is appropriate for them, and complete it. In fact, the tools here do it for the Merchant, based on their answers to some much simpler questions that this web-site asks. Where the questions are complicated or technical, the tools provide expert assistance and guidance. Merchants also have access through this site to a variety of tools and services to help them quickly and easily solve any Compliance failures they might have.