Completing the SAQ

The Official SAQ D has approximately 300 questions to be answered. Most of the aspects are general infrastructure controls, access controls and organizational policies. Answering the questions will be a cake walk if you close few activities upfront. We have divided the activities into three categories.

Type of Activity
Description

Organizational and People activities

Establish organizational policies and conduct staff training.

Infrastructure activities

Implement security measures in your cloud environment handling card data.

Access controls

Restrict infrastructure access to essential personnel.

For further assistance, please contact us at hyperswitch@juspay.in

Final Steps

  1. Network Scan: Select a PCI-approved scanning vendor from the official list and obtain a network scan report. This process, typically automated by Approved Scanning Vendors (ASVs), should be conducted quarterly and usually completes within a few hours.

  2. Complete SAQ D: Fill out the SAQ D and retain a copy for your records.

It's essential to submit your network scan report and Self-Assessment Questionnaire (SAQ) to your payment processor or acquirer.

Submission methods vary; some processors provide a dashboard for uploads, while others prefer email communication. Ensure you adhere to your processor's specific requirements and submission schedule, typically on a quarterly basis.

Last updated

Was this helpful?