Document Comparison
SAQ_A_v3.pdf
→
PCI_DSS_v3-1_SAQ_A_rev1-1.pdf
92% similar
Pages: 19 → 19
Words: 3883 → 3997
Content changes: 12
From Revision History
- October 2008 1.2
Content Changes
12 content changes. 19 administrative changes (dates, page numbers) hidden.
Added
p. 2
July 2015 | PCI DSS 3.1 | SAQ rev. 1.1 | Updated version numbering to align with other SAQs.
Added
p. 8
Type of facility | Number of facilities of this type | Location(s) of facility (city, country)
Example: Retail outlets | 3 | Boston, MA, USA
Part 2d. Payment Application
Does the organization use one or more Payment Applications? Yes / No
Provide the following information regarding the Payment Applications your organization uses:
Modified
p. 4
SAQ_A_v3.pdf:
- Your company accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
- All payment acceptance and processing are entirely outsourced to PCI DSS validated third-party service providers;
- Your company has no direct control of the manner in which cardholder data is captured, processed, transmitted, or stored;
- Your company does not electronically store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions;
- Your company has …

PCI_DSS_v3-1_SAQ_A_rev1-1.pdf:
- Your company accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
- All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers;
- Your company does not electronically store, process, or transmit any cardholder data on your systems or premises, but relies entirely on a third party(s) to handle all these functions;
- Your company has confirmed that all third party(s) handling storage, processing, and/or transmission of cardholder data are PCI DSS compliant; and
- Your …
Modified
p. 4
SAQ_A_v3.pdf: The entirety of all payment pages delivered to the consumer’s browser originates directly from a third-party PCI DSS validated service provider(s).
PCI_DSS_v3-1_SAQ_A_rev1-1.pdf: All elements of the payment page(s) delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s).
Modified
p. 9
SAQ_A_v3.pdf:
- Merchant accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
- All payment acceptance and processing are entirely outsourced to PCI DSS validated third-party service providers;
- Merchant has no direct control of the manner in which cardholder data is captured, processed, transmitted, or stored;
- Merchant does not electronically store, process, or transmit any cardholder data on merchant systems or premises, but relies entirely on a third party(s) to handle all these functions;
- Merchant has confirmed that all third party(s) handling acceptance, storage, processing, …

PCI_DSS_v3-1_SAQ_A_rev1-1.pdf:
- Merchant accepts only card-not-present (e-commerce or mail/telephone-order) transactions;
- All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers;
- Merchant does not electronically store, process, or transmit any cardholder data on merchant systems or premises, but relies entirely on a third party(s) to handle all these functions;
- Merchant has confirmed that all third party(s) handling storage, processing, and/or transmission of cardholder data are PCI DSS compliant; and
- Merchant retains only paper reports or receipts with cardholder …
Modified
p. 9
All elements of the payment page(s) delivered to the consumer’s browser originate only and directly from a PCI DSS validated third-party service provider(s).
Modified
p. 12
SAQ_A_v3.pdf:
Observe written agreements; Review policies and procedures
12.8.3 Is there an established process for engaging service providers, including proper due diligence prior to engagement?

PCI_DSS_v3-1_SAQ_A_rev1-1.pdf:
Observe written agreements; Review policies and procedures
12.8.3 Is there an established process for engaging service providers, including proper due diligence prior to engagement?
Expected testing: Observe processes; Review policies and procedures and supporting documentation
Modified
p. 12 → 13
SAQ_A_v3.pdf:
Observe processes; Review policies and procedures and supporting documentation
12.8.4 Is a program maintained to monitor service providers’ PCI DSS compliance status at least annually?
Expected testing: Observe processes; Review policies and procedures and supporting documentation

PCI_DSS_v3-1_SAQ_A_rev1-1.pdf:
Observe processes; Review policies and procedures and supporting documentation
12.8.5 Is information maintained about which PCI DSS requirements are managed by each service provider, and which are managed by the entity?
Expected testing: Observe processes; Review policies and procedures and supporting documentation
Modified
p. 13
SAQ_A_v3.pdf:
PCI DSS Question | Expected Testing | Response (Check one response for each question): CCW / No / N/A
12.8.5 Is information maintained about which PCI DSS requirements are managed by each service provider, and which are managed by the entity?
Expected testing: Observe processes; Review policies and procedures and supporting documentation

PCI_DSS_v3-1_SAQ_A_rev1-1.pdf:
PCI DSS Question | Expected Testing | Response (Check one response for each question): CCW / No / N/A
12.8.4 Is a program maintained to monitor service providers’ PCI DSS compliance status at least annually?
Modified
p. 18
SAQ_A_v3.pdf: Signature of QSA | Date:
PCI_DSS_v3-1_SAQ_A_rev1-1.pdf: Signature of Duly Authorized Officer of QSA Company | Date:
Modified
p. 18
Duly Authorized Officer Name: QSA Company:
Modified
p. 19
SAQ_A_v3.pdf:
PCI DSS Requirement | Description of Requirement | Compliant to PCI DSS Requirements (Select One): YES / NO | Remediation Date and Actions (If “NO” selected for any Requirement)
9 | Restrict physical access to cardholder data
Maintain a policy that addresses information security for all personnel

PCI_DSS_v3-1_SAQ_A_rev1-1.pdf:
PCI DSS Requirement* | Description of Requirement | Compliant to PCI DSS Requirements (Select One): YES / NO | Remediation Date and Actions (If “NO” selected for any Requirement)
9 | Restrict physical access to cardholder data
Maintain a policy that addresses information security for all personnel
* PCI DSS Requirements indicated here refer to the questions in Section 2 of the SAQ.