This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

PCI DSS SAQ Validation

Adhering to all the PCI requirements can be a significant challenge, especially for smaller organisations. The PCI has developed eight self-assessment questionnaires (SAQs) that are designed for different scenarios, preventing the need for an on-site audit.


Helping you successfully complete an SAQ

If your organisation is a merchant that processes fewer than six million transactions annually, or is a service provider processing fewer than one million transactions per year, you may be able to report your Payment Card Industry Data Security Standard (PCI DSS) compliance using an SAQ.

An SAQ is a validation tool that allows merchants and service providers to self-audit their PCI DSS compliance. There are several types of SAQ, which are designed to meet various scenarios. The type that your organisation needs to complete will mainly depend on how you handle payment card data. For some organisations, the appropriate questionnaire is short and simple, while for others it can be long and technical.

Why is completing an SAQ correctly so important?

Determining which SAQ best applies to your organisation can be difficult. However, failing to get your SAQ right can put cardholder and payment card details at risk, which in turn can harm your organisation. As such, it is important to take SAQs seriously and complete them correctly.

Completing an SAQ can help organisations evaluate their security practices and plan their PCI DSS compliance journey. If you are already PCI DSS compliant, it will provide your acquiring bank with the necessary evidence of that fact.

Why choose IT Governance for PCI consultancy?

Our services provide a tailored route to PCI compliance, scalable to your budget and needs.


We go further than a simple ‘yes/'no’ approach to understand better how security measures work.

We work in partnership to help you understand what is required and why giving you control.

We can offer expertise to vet compensating controls and determine whether they are acceptable.

Companies using our PCI DSS products and services:

"IT Governance were very professional and pragmatic in their approach, and displayed a level of understanding of our business that we found unique and refreshing.” Damien Everard, COO of Appletree.

The value of completing an SAQ validation service

A PCI DSS SAQ validation service will help you identify the right SAQ to complete and provide the appropriate support and advice to achieve full PCI DSS compliance. Our QSAs will help you validate your cardholder data environment, reduce gaps and help you answer technical components of the SAQ enabling you to submit your SAQ with ease. 

By completing an SAQ assessment, you can:

  • Receive expert guidance from a QSA on security controls;
  • Identify methods to lower your validation level;
  • Reach full PCI DSS compliance to complete your SAQ; and
  • Submit an attested SAQ, signed off by a QSA.

Our PCI DSS SAQ validation service (click here to see our service description)

  • A PCI DSS SAQ validation service conducted by an IT Governance QSA will help you identify the right SAQ to complete and provide the appropriate support and advice to achieve full PCI DSS compliance.

Free PCI DSS resources

Speak to an expert

We have a team of account managers and security consultants to discuss your PCI DSS challenges. For more information, please contact us.