PCI DSS SAQ

Cognosec offers professional guidance to small-to-medium sized businesses in achieving PCI compliance and completing the Self-Assessment Questionnaire.

Cognosec Services

Features

The Payment Card Industry Data Security Standard (PCI DSS) applies to all organisations that store, process and/or transmit cardholder data. The framework covers technical and operational system elements connected to cardholder data. If you store, process or transmit credit card data, you are subject to this standard. Cognosec is a Qualified Security Assessor (QSA), and as a QSA we are authorised to help your company obtain and maintain PCI DSS compliance. Cognosec GmbH can provide you with a full PCI DSS audit portfolio on top of the consultancy service we already offer, creating a rounded and comprehensive compliance package. Cognosec is also an Approved Scanning Vendor (ASV), an organisation with a set of security services and tools available to validate adherence to the external scanning condition of PCI DSS requirement 11.2. A scanning vendor's ASV scan solution is always tested and approved by the PCI SSC before the vendor is added to the list of approved scanning vendors. Cognosec is a Qualified Security Assessor (QSA) for PCI DSS and PA-DSS as well as an Approved Scanning Vendor (ASV), making Cognosec a one-stop shop for your PCI compliance needs.

Description

All businesses that store, process or transmit payment cardholder data must be PCI compliant. As a Qualified Security Assessor (QSA), Cognosec offers professional guidance to small-to-medium sized businesses in achieving compliance and completing the Self-Assessment Questionnaire. The PCI DSS self-assessment questionnaires (SAQs) are validation tools for merchants and service providers self-evaluating their compliance with PCI DSS. Organizations can either undergo their own PCI DSS assessments, or a QSA company can conduct the PCI DSS assessment and underwrite their SAQs.

Specification

There are different versions of the SAQ to meet different merchant environments. As a Qualified Security Assessor (QSA), we are able to provide PCI DSS SAQ assessment to organizations seeking professional guidance in achieving compliance and completing the following Self-Assessment Questionnaires.

SAQ A is intended for merchants that accept only card-not-present transactions (that is, e-commerce, mail order or telephone order), and that outsource all their cardholder data functions to PCI DSS compliant service providers. SAQ A would never apply to face-to-face merchants.

SAQ B is for those merchants who process cardholder data using only imprint machines or using only dial-out terminals.

SAQ C-VT is for merchants using only web-based virtual payment terminals, where cardholder data is manually entered into a secure website from a single system.

SAQ C is for merchants with dedicated payment application systems segmented from all other systems, and connected to the Internet for the purposes of transaction processing.

SAQ P2PE-HW is for merchants using a validated P2PE solution that is listed on the PCI SSC website.

SAQ D is for all other SAQ-eligible merchants that do not fall into any of the other SAQ categories, and for any service providers defined by a payment brand as eligible to complete the SAQ.