
What is it?

We work with you to correctly identify applicable Self Assessment Questionnaire (SAQ) levels for all payment channels, and identify emerging PCI v4 requirements for March 2025.

You reduce your compliance burden by focusing on what you need to do to meet PCI requirements and de-scoping where possible.

Countersigned SAQs with Qualified Security Assessor (QSA) involvement provide greater assurance levels to you and your partners.

Who is this for?

All Merchants with less than 6 million transactions per year, and Service Providers with less than 300 thousand transactions, need to produce SAQs.

Our QSAs offer a sliding scale of support from basic scope checking and document review, through to full sampling of controls.

Increased requirements for Service Providers

The new version of the SAQ-D for Third Party Service Providers (TPSPs), brought out for PCI DSS v4, requires a much more detailed submission. We can work with TPSPs to ensure their submissions contain the right level of detail.

The boundary to full level 1 assessment for TPSPs is only 300 thousand transactions total for all PCI clients. We ensure you are working at the right level to meet PCI DSS reporting requirements.

Release of PCI version 4

The first stage of PCI DSS version 4 was on 31st March 2024. It increased controls and the assurance levels of those controls for Merchants and TPSPs. As an example, there is now a requirement for all e-commerce SAQs to complete ASV (Approved Scanning Vendors) scans.

The second stage came in March 2025, with a set of controls that were deferred due to complexity and implementation requirements. All e-commerce sites need to ensure they are ready with new technical controls to protect the checkout process, which is mandated even at the lowest SAQ-A level.

Features

All new engagements include an initial scope review to confirm in-scope payment channels.

We work with you to correctly identify the applicable SAQ level for each payment channel that is used.

All assessments include countersigning SAQ and Attestation of Compliance (AoC) documents to provide additional assurance to clients and acquiring banks.

We work closely with you to provide preparation support. This includes applicable documentation, process review and re-design, training, and dry run assessments.

Benefits

We can engage directly with the acquiring banks if required. This is typically where there is remediation required, or questions from the acquirer the client would like support with.

We will identify opportunities to lower compliance requirements, which may reduce the burden for the client.

We can split the reporting into multiple SAQ submissions (one per payment channel) to provide clarity on which controls apply to each payment channel.
