Are you compliant if you fill out the SAQ C?

  • Team Omega
  • June 21, 2011

Highly unlikely is the short answer. PCI is not about filling out forms. It is about securing your stores. The short form just makes it a little easier to fill out and submit. You are still agreeing to be compliant with all of the requirements of PCI DSS – yes, all 286 questions! You might as well be compliant with SAQ D and fill it out completely.

Answering questions on these forms is daunting. You really should get help from people who do this all the time. Trying to do it by yourself is not easy and certainly not prudent. You also may not know if you filled it out correctly. Even the questions may seem like trick questions.

Some people may tell you that you don’t need to maintain logs if you qualify for SAQ C. That is absolutely incorrect. You still have to have proof of compliance and all the requirements apply.