What is a PCI DSS Self-Assessment Questionnaire?
PCI DSS Self-Assessment Questionnaires (SAQs) are validation tools for use by SAQ-eligible merchants and service providers to perform and report the results of their PCI DSS self-assessments. There are several different SAQs, developed for specific types of environments as defined in each SAQ’s eligibility criteria.
Each SAQ contains a "Completing the Self-Assessment Questionnaire" section, which outlines the type of environment that the SAQ is intended for. All the eligibility criteria for a particular SAQ must be met to use that SAQ.
Additional guidance is also provided in PCI DSS Self-Assessment Questionnaire Instructions and Guidelines, available in the Document Library.
Merchants should consult with their compliance-accepting entity - the entity to which the SAQ will be submitted (typically, an acquirer (merchant bank) or a payment brand) to determine if they are eligible or required to submit an SAQ, and if so, which SAQ is appropriate for their environment.
SAQ D for Service Providers is the ONLY SAQ for SAQ-eligible service providers. All other SAQs are for merchant use only.
Refer to FAQ 1133: Why are there multiple PCI DSS Self-Assessment Questionnaires (SAQs)?