Facilitated Self Assessments


Self Assessments: Sign at Your Own Risk

Level 2, 3 and 4 merchants and Level 2 service providers are expected to complete an annual Self-Assessment Questionnaire (SAQ) attesting to their organization's compliance with the PCI DSS. The depth and breadth of the SAQ depend on where and how your organization stores, processes or transmits cardholder data, but two things are always the same:

  1. A SAQ is a pass/fail test: to pass, you must be able to answer "yes" to every applicable question (or document a compensating control for any requirement you cannot meet as written).

  2. The SAQ must be signed, dated and available for review on request by your processor (or by a customer, in the case of a service provider).

Simple enough? Yes, particularly if you are well versed in the PCI DSS, maintain good documentation on your systems, and stay informed on evolving control standards and threat vectors. It is easier still if you have someone on staff who has completed the PCI Security Standards Council's Internal Security Assessor (ISA) training course.

Not your situation? Coalfire can help.

Self Assessments Done Right: A Facilitated SAQ

Coalfire believes every one of our clients is worth protecting and that a self assessment should add value. That is why we created the Facilitated SAQ service. Each Coalfire Facilitated SAQ starts with a fully trained Coalfire assessor who takes the time to learn your business and understand what you most need from the project. No two projects are the same because no two client situations are identical. Our job is to get you the information and documentation you need to make good decisions and protect your business.

Coalfire Facilitated SAQ - An Informed Collaborative Approach



Your SAQ, Only Better

With a Facilitated SAQ, Coalfire assessors help with a number of initiatives, including:

  1. Scoping the Cardholder Data Environment (CDE) and recommending how to reduce the scope of the CDE from a PCI DSS perspective.

  2. Selecting the right SAQ assessment form.

  3. Reviewing each of the controls and explaining any hard-to-understand requirements.

  4. Clarifying what evidence is required to answer "yes" to each applicable control.

At the end of a Facilitated SAQ project, Coalfire clients have what they need to produce either a completed SAQ or a gap report that includes recommendations for closing the gaps.
