Self-assessments done right: A facilitated SAQ
We believe every client is worth protecting and that a self-assessment should add value. That’s why we created the PCI DSS facilitated SAQ service. Each Coalfire-facilitated SAQ starts with a fully trained assessor who takes the time to learn your business and understand your project goals. No two projects are the same because no two client situations are identical. Our job is to get you the information and documentation you need to make good decisions and protect your business.
Your SAQ, only better
With a facilitated SAQ, our assessors help with several initiatives:
- Scoping the cardholder data environment (CDE) and providing recommendations on how to minimize the CDE from a PCI DSS perspective
- Selecting the appropriate SAQ assessment form
- Reviewing each control and explaining complex requirements
- Clarifying the evidence required to answer “yes” on each required control
At the end of a facilitated SAQ project, you’ll be able to create a completed SAQ or a gap report that includes recommendations and plans for closing the gaps.
Many large organizations, such as higher education institutions and state governments, must manage a diversified, complex group of small merchants. These organizations are often the designated responsible fiduciary for their acquiring bank. We have a special consolidated SAQ program that simplifies this compliance burden by leveraging our facilitated and attested SAQ solutions.
Attested SAQ: Meet your acquirers’ expanding requirements
Some merchant banks and processors now require their Level 2 merchant customers to submit an attested SAQ, signed not only by the merchant themselves, but also by the QSA. An attested SAQ goes into greater depth than a facilitated SAQ, but not as much as a report on compliance (ROC). It provides your acquirer with the additional assurance that your PCI DSS compliance program has been assessed and guided by Coalfire QSAs. Our attested SAQ service addresses this need. When completing an attested SAQ, you receive the full benefits of our expertise and experience working with SAQ and ROC clients.