The PCI Security Standards Council has released version 1.1 of the Self-Assessment Questionnaires (SAQ). The SAQ must be completed annually by all Level 2 and Level 3 merchants, by some Level 4 merchants, and by Level 3 service providers. The Council has created multiple questionnaires of varying detail for different merchant environments, replacing the previous one-size-fits-all questionnaire.
For larger merchants who store cardholder data and/or operate complex payment processing environments, the newly required 226-question Questionnaire D will be a significantly higher validation hurdle than the previous 75-question SAQ. In addition, an executive officer must now sign an accompanying attestation that he or she has read the PCI DSS and that the organization is in full compliance at all times.
Given these new validation challenges, many merchants will need a more manageable, year-round approach to PCI DSS compliance. TruComply has risen to the challenge with a new version of its compliance management service, which includes the latest questionnaires with e-Learning to ensure that questions are answered correctly, automated remediation planning and execution workflow tools, and an executive-level compliance dashboard and reporting.
"While all merchants must be fully PCI DSS compliant, we expect that the new executive attestation will reinforce the importance of maintaining compliant security controls throughout the year and providing executive visibility into the effectiveness of these controls", stated Chris Noell, President of TruComply. "If I have to sign my name, I'm going to ask the hard questions and want to see metrics throughout the year."