Departmental PCI-DSS Requirements Checklist

No / Description / Yes / No / Notes
1 / Complete Annual SAQ Verification
2 / Complete and Sign the SAQ
3 / Review, Update and Upload Departmental Policies and Procedures
4 / Review and Upload Copies of Third-Party Agreements (if applicable)
5 / Review and Upload Copies of Third-Party Certifications (if applicable)
6 / Complete Annual PCI Training

Departmental Checklist (Details)

  1. Complete Annual SAQ Verification
  2. Based on the following questions, what SAQ (Self-Assessment Questionnaire) category do you belong to? SAQ ______
  3. SAQ A: Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants.
  4. SAQ B: Imprint-only merchants with no electronic cardholder data storage, or standalone, dial-out terminal merchants with no electronic cardholder data storage
  5. SAQ C-VT: Merchants using only web-based virtual terminals, no electronic cardholder data storage
  6. SAQ C: Merchants with payment application systems connected to the Internet, no electronic cardholder data storage
  7. SAQ D: All other merchants (not included in descriptions for SAQs A through C above) and all service providers defined by a payment brand as eligible to complete an SAQ.
  8. Complete the SAQ online
  9. Fill out your department's appropriate SAQ:
  10. Review, Update and Upload Departmental Policies and Procedures
  11. Departmental Policies and Procedures related to processing payment card transactions must be reviewed and updated annually.
  12. Upload the current versions of the policies and procedures to the SAQ submission site.
  13. Review and Upload Copies of Third-Party Agreements
  14. Upload the current version of any third-party agreements to the SAQ submission site.
  15. Review and Upload Copies of Third-Party Certifications
  16. Upload the current version of any third-party certifications, showing their compliance, to the SAQ submission site.
  17. Complete Annual PCI Training
  18. Anyone processing payment cards must attend training annually. Please go to this on the link to complete training: