TruComply Webinar

New PCI DSS Self-Assessment Questionnaire (SAQ) 1.1

• How will the new questionnaire impact your PCI compliance program?

 

• Should you react before April 30th or wait until after that date?

 

The new PCI Self-Assessment Questionnaires have finally been released by the PCI Security Standards Council. Rather than have a one size fits all questionnaire, the Standards Council has created multiple questionnaires of varying levels of detail for different merchant environments. Virtually all our clients who are Level 2 and 3 Merchants will need to complete the most extensive questionnaire, Questionnaire D. Rather than the 75 abstract questions on the old questionnaire, Questionnaire D is basically a yes/no version of the PCI DSS (226 questions versus 75 questions). In addition to being more rigorous, the Questionnaire requires that an Executive Officer attest to the following:

• All information within the above-referenced SAQ and in this attestation fairly represents the results of my assessment.
• I have confirmed with my POS vendor that my POS system does not store sensitive authentication data after authorization.
• No evidence of magnetic stripe (i.e., track) data2, CAV2, CVC2, CID, or CVV2 data3, or PIN data4 storage subsequent to transaction authorization was found on ANY systems reviewed during this assessment.
• I have read the PCI DSS and I recognize that I must maintain full PCI DSS compliance at all times.

This new Self-Assessment form will be required after April 30th, 2008.

More details...