What is a SAQ?
A Self-Assessment Questionnaire (SAQ) is a self-attestation tool for Merchants handling payment cards as part of Payment Card Industry Data Security Standard (PCI DSS) compliance. A SAQ is a PCI DSS-provided form for Merchants to:
- Select the appropriate SAQ type (A, B, C, D, etc.);
- Self-report compliance with each relevant PCI DSS requirement;
- Provide evidence (e.g., network diagrams, encryption configs, log samples);
- Submit an Attestation of Compliance (AOC); and
- Document compensating controls, or remediation plans, if not fully compliant.
SAQs are lighter-weight than the third-party assessments that a PCI Qualified Security Assessor (PCI QSA) performs to generate a Report on Compliance (ROC).