PCI DSS Self-Assessment Questionnaire (SAQ) Advisory Service

The PCI DSS Self-Assessment Questionnaire (SAQ) is the means by which organisations processing a lower volume of card transactions, can assess, and provide assurance of their compliance, without the requirement for a full on-site audit, or providing a formal Report on Compliance (RoC).

With changes introduced in PCI DSS v3.0 onwards, organisations may now need to provide more than one self-assessment questionnaire, and answer to up to 139 questions.

Accurate completion of these documents is critical, and this can prove challenging to even those organisations familiar with the PCI DSS, and their environment.

JAW Consulting UK can help demystify these more comprehensive PCI DSS Self-Assessment Questionnaires, and provide you with a clear explanation of how it applies to your organisation.

We can help you validate your CDE, identifying any gaps, and provide answers to the more detailed questions within these revised documents, allowing you to confidently submit your SAQ, and easing the burden of achieving PCI DSS compliance.

Fast Track Your PCI DSS Compliance

Request an initial PCI DSS Compliance Program consultation.



This engagement will begin with a remote meeting with your team, and a review of the existing SAQ documentation. We will ensure selection of the correct SAQ Form, and through a combination of documentation review and onsite interviews, walkthrough your cardholder data environment, in line with each control, drilling into detail to identify the required evidence to demonstrate compliance. To complete the engagement, we will present our findings, and make suggestions to improve compliance, such as reduction of scope, and fully populate the Self-Assessment Questionnaire ready for your submission.

Key Benefits

  • Provides the PCI DSS Self-Assessment SAQ, ready to submit to your acquiring bank.
  • Eliminate confusion around the SAQ eligibility criteria, and the newer more complex SAQ documents.
  • Reduced scope and complexity for future submissions.
  • Receive expert guidance from our certified PCI DSS Consultants

Our Methodology

Stage 1: Pre- Assessment Phase (Off Site)

  • Meeting with key staff members
  • Provide walkthrough of assessment activities, and agree roles.
  • Review completed PCI DSS Self Assessment Questionnaire (if applicable)

Stage 2: PCI Business Process Review

  • Walkthrough the system components included in, or connected to the card holder data environment
  • Review of existing policies, standards, procedures and processes
  • Interview with key staff interacting with card data.

Stage 3: PCI Controls Analysis Phase

  • Findings and observations of current security controls in line with PCI DSS Self-Assessment Controls Matrix
  • Validation of evidence to comply with Self Assessment Questionnaire Control

Stage 4: Reporting Phase

  • Presentation of findings and strategic recommendations.
  • Preparation of PCI DSS Self-Assessment Questionnaire


Total:       3 days
Onsite:     1 day
Remote:  2 days


Self-Assessment Questionnaire (SAQ) Control Report – detailed report including overall statement of compliance, observations and recommendations relating to the SAQ Review
Completed Self-Assessment Questionnaire (SAQ) – which can be submitted to your card scheme, customer or acquiring bank
Completed Attestation of Compliance (AoC) – to be submitted along with your SAQ

Speak with us today, to see how we can provide external guidance and support, so you can complete the PCI SAQ with confidence.

Optional Related Services