Do not fear the Self-Assessment Questionnaire (SAQ)

  • Team Omega
  • March 6, 2013

Companies dread the idea of filling out all 286 controls of the SAQ-D form.  The stress for many comes not from answering ‘yes’ to the controls on the form, but from the thought that you may not be doing what the SAQ asks of you as a merchant.  PCI-DSS is filled with many complicated steps for achieving compliance and the SAQ form is not only a guideline, but proof of the compliance you are claiming. 

If you start keeping up with simple things such as software updates, patching, logging, installing firewalls, and imposing guidelines for your employees, especially on the use of passwords and similar basics, the SAQ form will become less stressful.  Also, once everything is brought up to date, continue maintenance on a regular basis.

The SAQ-D needs to be filled out as honestly as possible, with enough evidence to support each control.  In the event of an audit, a QSA can take your SAQ and easily identify each control and the proof provided with it.

Here at Omega we can assist not only with achieving compliance, but also with filling out the SAQ-D form and identifying the evidence needed to back up claims of compliance.  Merchants of all levels are using our solution, and we can successfully get you on the right path.  To speak to an Omega associate, call 636-557-7777.