PCI DSS Readiness Checklist

Step 1: Select Your Applicable SAQ Type

Choose the Self-Assessment Questionnaire type that best describes your card processing environment. This will help pre-fill the checklist below.

SAQ A: Fully outsourced e‑commerce / mail‑order; only hosted iFrame / redirect

SAQ A-EP: E‑commerce site that touches the page that loads the payment form

SAQ B: Dial‑out or imprint terminals (no IP)

SAQ B-IP: Stand‑alone IP‑connected POI terminals, no other systems in zone

SAQ C-VT: Web‑based virtual‑terminal key entry only

SAQ C: Payment application on a segmented LAN, no storage

SAQ P2PE: Only listed P2PE terminals – everything else outsourced

SAQ D (Merchant & SP): Anything that does not fit the above, or stores CHD

Disclaimer: This is a simplified, high-level checklist based on common PCI DSS requirements. It is for informational purposes only and does not guarantee compliance. Achieving and maintaining PCI DSS compliance is a complex process that requires thorough assessment, potentially involving a Qualified Security Assessor (QSA).

Official Resource: For full details, refer to the official PCI Security Standards Council Document Library.