PCI SAQ (Self-Assessment Questionnaire) Advisory Service

Providing Q&A, Pre-Audit and Education knowledge to Prepare for Audit

The PCI SAQ (Self-Assessment Questionnaire) is an effective tool developed by the PCI SSC (Security Standards Council) for compliance with the PCI DSS (Payment Card Industry Data Security Standard). Merchants and service providers that collect credit card payments – both online and offline – are encouraged to complete the assessment. For merchants looking to be PCI DSS compliant, completing the PCI SAQ is mandatory. PCI SSC encourages organisations to seek professional guidance in achieving compliance and completing the self-assessment questionnaire.


Cyber Secure Asia partners with Japan’s Top PCI DSS experts NANAROQ to provide consultation & cloud-based Q&A (Shimpla-Connect) services for compliance and audit support so you can ask questions on PCI SAQ anytime, anywhere. NANAROQ is a Qualified Security Assessor (QSA) Company under PCI SSC and a VISA approved SA.


What is Shimpla-Connect?

Shimpla-Connect is an innovative cloud-based Q&A platform by NANAROQ for compliance and audit support. 

Advantages:

(1) Governance

Shimpla-Connect supports mutual assessment by members of a company, with its business manager, directors, auditors or committee taking the leading role.

(2) Investigation

Shimpla-Connect supports investigations conducted by a business manager, directors, auditors, a compliance committee or a third-party panel independent of the operational line. Questions can be easily customized from Shimpla-Connect templates to establish facts, gather opinions on causes, propose corrective actions or check the status of improvement implementation, depending on the client's situation. An investigation may start as early as a few days after the initial inquiry is made.

Easy Q&A Process

1. User submits a question
2. Q&A case is created and consultant is assigned
3. Consultant responds to question
4. User confirms the answer


Fast & Simple

An intuitive interface for communication between users and experts. 

Convenient

A convenient email-to-case feature, so you can submit a question easily and receive an answer by email.

Commenting System

A simple commenting system so your case will not close until all questions are answered.

Innovative Cloud Solution

An innovative cloud solution for file management and sharing where all your information can be accessed.

User & Consultant Dynamics

What goes on behind the NANAROQ Shimpla-Connect Platform:


You will need to choose the SAQ that best suits your current position. Filling out the wrong SAQ will invalidate your compliance.

There are 9 types of SAQ available:

| SAQ Type | Description |
|----------|-------------|
| A | Card-not-present merchants (e-commerce or mail/telephone-order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Not applicable to face-to-face channels. |
| A-EP* | E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Applicable only to e-commerce channels. |
| B | Merchants using only: • Imprint machines with no electronic cardholder data storage; and/or • Standalone, dial-out terminals with no electronic cardholder data storage. Not applicable to e-commerce channels. |
| B-IP* | Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage. Not applicable to e-commerce channels. |
| C-VT | Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution that is provided and hosted by a PCI DSS validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels. |
| C | Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. Not applicable to e-commerce channels. |
| P2PE-HW | Merchants using only hardware payment terminals that are included in and managed via a validated, PCI SSC-listed P2PE solution, with no electronic cardholder data storage. Not applicable to e-commerce channels. |
| D | SAQ D for Merchants: All merchants not included in descriptions for the above SAQ types. SAQ D for Service Providers: All service providers defined by a payment brand as eligible to complete a SAQ. |

Contact Us for PCI SAQ Advisory Service Today!