How to complete the questionnaire
The PCI Self Assessment Questionnaire is intended to ensure that a merchant has completed critical security measures to safeguard and protect cardholder data. Focusing specifically on the security aspects of the broader PCI DSS standards, the questionnaire helps to identify and resolve any area of non-compliance. Once the requirements have been met and the questionnaire has been completed, it should be sent to the merchant's acquiring bank alongside a successful PCI scan report from an approved scanning vendor.
How to fill out the questionnaire
The questionnaire consists of a set of 12 requirements - each of which contains a series of ‘Yes or No’ questions. These 12 requirements are divided into 6 broader ‘sections’, with each section targeting a specific area of security from the PCI Data Security Standard. All sections must be completed.
How to prepare for the questionnaire:
1. Familiarize yourself with the PCI Data Security Standard
2. Click Here to fill out the questionnaire using our online wizard. The wizard allows you to save your progress and return to complete the form at a later date. It also allows you to convert the completed form into a PDF for printing.
- If your organization meets the requirements in the questionnaire, you can fill it out immediately, convert it to PDF and submit it to your acquiring bank. In most cases, however, you will need time and help to assess and action the requirements.
- Alternatively, print the questionnaire and distribute it to the appropriate experts within your company in order to establish a set of accurate answers. Once you have obtained satisfactory and accurate answers, please Click Here to complete the questionnaire.
How the questionnaire is scored
Merchants have to answer all questions with 'Yes' or 'N/A' to be considered compliant with the self assessment questionnaire module of the PCI Data Security Standard.
Answering 'No' to any question means the merchant or service provider is not compliant. The risk(s) identified by the questionnaire must be remedied and the questionnaire retaken.





