New PCI DSS Self-Assessment Questionnaires Demand New Approach and Tools

The PCI Security Standards Council has released version 1.1 of the Self-Assessment Questionnaires (SAQ). TruComply announces new enhancements to its compliance management service to address the challenge. Join TruComply for an upcoming webinar to learn more about how the Questionnaires will impact your program and how TruComply can help.

The PCI Security Standards Council has released version 1.1 of the Self-Assessment Questionnaires (SAQ). The SAQ must be completed annually by all Level 2, 3 and, in some cases, Level 4 merchants, as well as Level 3 service providers. Replacing the previous one-size-fits-all questionnaire, the Standards Council has created multiple questionnaires of varying levels of detail for different merchant environments.

For larger merchants who store cardholder data and/or operate complex payment processing environments, the newly required 226-question Questionnaire D will prove a significantly higher validation hurdle than the previous 75-question SAQ. In addition, an Executive Officer must now sign an accompanying attestation that he/she has read the PCI DSS and is in full compliance at all times.

Given the new validation challenges, many merchants will need a more manageable, year-round approach to PCI DSS compliance. TruComply has risen to the challenge with a new version of its compliance management service that includes the latest questionnaires with e-Learning to ensure that questions are answered correctly, automated remediation planning and execution workflow tools, and an executive-level compliance dashboard and reporting.

"While all merchants must be fully PCI DSS compliant, we expect that the new executive attestation will reinforce the importance of maintaining compliant security controls throughout the year and providing executive visibility into the effectiveness of these controls," stated Chris Noell, President of TruComply. "If I have to sign my name, I'm going to ask the hard questions and want to see metrics throughout the year."

To learn more about the new questionnaires, the implications for your compliance program, and how TruComply can help, please join TruComply's March 6th webinar: "The New PCI Self-Assessment Questionnaire: Why It Will Significantly Impact Your Compliance Program." For registration information and more on the new SAQs, please go to http://www.trucomply.com/saq.

About TruComply:
TruComply enables clients to achieve and maintain compliance with the Payment Card Industry Data Security Standard (PCI DSS) through a comprehensive suite of web-based tools. TruComply tools support clients throughout all phases of the compliance process including education, evaluation, remediation, maintenance, and ongoing updates.

TruComply is a member of the PCI Security Standards Council and ANSI X9 and currently serves over 500 clients in North and South America. TruComply partners include 20% of the Qualified Security Assessors (QSAs). To learn more about PCI, payments security, or how TruComply can help, please contact us at 512-330-0662 or go to our website at http://www.trucomply.com.

###

Contact Author

Rachel Meaney