PCI SAQ Expert solutions for all your requirements


The Payment Card Industry Security Standards Council is a non-statutory body set up by the industry to establish and uphold rigorous security standards across the world by any organisation involved in the processing of payments by credit and debit card. It operates several assessment programs in support of this work of which PIN assessment is the most comprehensive. The most familiar is probably the Payment Card Industry Data Security Standard (PCI DSS) regime, which regulates the collection, processing, storage, transmission and destruction of credit and debit card information. While this standard is not legally binding in practice, the consequences of non-compliance can be very serious not only reputationally but also in being able to maintain a functioning presence within the payment system.

The PCI DSS assessment process is rigorous and extensive. In addition, it is not a fixed set of requirements because as technology changes and security risks mutate, provisions for safe processing and storage must be constantly updated. However, the PCI recognises that there are huge variations of scale and engagement between different payment service users which means that consistently imposing the strictest criteria may be neither fair, reasonable or necessary in the case of many smaller organisations. For this reason, the PCI introduced a system of self-assessment (PCI SAQ) and issued clear designations of the types of organisations who would be permitted to use this method.

Benefits of PCI SAQ

  • Easier compliance

    Easier compliance
  • Cost-effective

  • Heightened security

    Heightened security
  • Avoidance of fines

    Avoidance of fines
  • Customer protection

    Customer protection
  • Enhanced reputation

    Enhanced reputation
  • Global recognition

    Global recognition
  • Peace of mind

    Peace of mind

Who can use the PCI Self-Assessment Questionnaire?

It would be a mistake to see the self-assessment regime as simply a short cut to compliance. For one thing, although it may involve less administrative work and expense than engaging a third-party PCI assessor, it still demands an intensive level of examination, and for another, it is about more than compliance: it is about greater security, which is of direct benefit to you and your customers. Compliance does not guarantee security in the longer term which is why constant re-assessment is vital. It needs to be part of your general business practice in the same way as end-of-year accounting. If you qualify for self-assessment then integrating this regular process need not be too heavy a commitment.

Gradeon has years of experience working with clients to achieve and maintain PCI DSS compliance. We recognise that even self-assessment is not always straightforward – how many self-assessment tax returns are actually prepared by accountants? Firstly, we can help you identify whether you qualify. If you are an ecommerce trader we can quickly appraise the applicability of the rules to your organisation. Most exemptions from full-scale assessments – although not all – are reserved for non-ecommerce traders and they depend largely on storage and post-transaction processing. The PCI SSC provides eight different questionnaires and we can advise you on which is the correct one for your business then help you complete it to satisfy all the demands of the self-assessment regime, leaving you to continue trading as normal, safe in the knowledge that your business processes are certified and compliant.

How can we help you?

If you have any questions, we are always be happy to assist you. Feel free to contact us by telephone or email and we will be sure to get back to you as soon as possible.

We have assisted businesses from diverse verticals to succeed. Feel free to connect with us for a detailed understanding of how we can help you.


Would you like to speak to one of our expert consultant over the phone? Just submit your details and we'll be in touch shortly. You can also email us if you would prefer.