Your Roadmap to Risk Reduction!

The Continuum GRC ITAM SaaS platform has hundreds of plugin modules available, such as:

Audit and compliance modules for PCI

PCI DSS Version 4 QSA and SAQ

The PCI DSS certification is the only authorized compliance assessment for merchants and service providers who process credit cards. It is required for all businesses processing credit cards to be certified annually.

PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process, or transmit cardholder data (CHD) and/or sensitive authentication data (SAD).

Modules include:

  • Level 1 Merchant and Service Provider ROC and AOC
  • Level 2, 3, and 4 SAQ A
  • Level 2, 3, and 4 SAQ A-EP
  • Level 2, 3, and 4 SAQ B
  • Level 2, 3, and 4 SAQ B-IP
  • Level 2, 3, and 4 SAQ C
  • Level 2, 3, and 4 SAQ C-VT
  • Level 2, 3, and 4 SAQ D Merchants
  • Level 2, 3, and 4 SAQ D Service Providers

Level 1 Merchant

  • PCI DSS RoC
    PCI DSS AoC Merchants
    PCI DSS Appendix E: Explanation of Requirements Not Tested
    PCI DSS Appendix D: Explanation of Non-Applicability
    PCI DSS Appendix C: Compensating Controls Worksheet
    PCI DSS Appendix A: Additional Requirements for Shared Hosting Providers
    PCI DSS Action Plan for Non-Compliant Requirements

Level 1 Service Provider

  • PCI DSS RoC
    PCI DSS AoC Service Providers
    PCI DSS Appendix E: Explanation of Requirements Not Tested
    PCI DSS Appendix D: Explanation of Non-Applicability
    PCI DSS Appendix C: Compensating Controls Worksheet
    PCI DSS Appendix A: Additional Requirements for Shared Hosting Providers
    PCI DSS Action Plan for Non-Compliant Requirements

Level 2, 3 and 4

  • SAQ A and AOC SAQ A: Card-not-present merchants (e-commerce or mail/telephone order) that have fully outsourced all cardholder data functions to PCI DSS validated third-party service providers, with no electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Not applicable to face-to-face channels.
  • SAQ A-EP and AOC SAQ A-EP: E-commerce merchants who outsource all payment processing to PCI DSS validated third parties, and who have a website(s) that doesn’t directly receive cardholder data but that can impact the security of the payment transaction. No electronic storage, processing, or transmission of any cardholder data on the merchant’s systems or premises. Applicable only to e-commerce channels.
  • SAQ B and AOC SAQ B: Merchants using only imprint machines with no electronic cardholder data storage; and/or standalone, dial-out terminals with no electronic cardholder data storage. Not applicable to e-commerce channels.
  • SAQ B-IP and AOC SAQ B-IP: Merchants using only standalone, PTS-approved payment terminals with an IP connection to the payment processor, with no electronic cardholder data storage. Not applicable to e-commerce channels.
  • SAQ C and AOC SAQ C: Merchants with payment application systems connected to the Internet, no electronic cardholder data storage. Not applicable to e-commerce channels.
  • SAQ C-VT and AOC SAQ C-VT: Merchants who manually enter a single transaction at a time via a keyboard into an Internet-based virtual terminal solution that is provided and hosted by a PCI DSS-validated third-party service provider. No electronic cardholder data storage. Not applicable to e-commerce channels.
  • SAQ D Merchant and AOC SAQ D - Merchants: All merchants not included in descriptions for the above SAQ types.
  • SAQ D Service Provider and AOC SAQ D - Service Providers AOC extra form for Service Providers - Section 2g: All service providers defined by a payment brand as eligible to complete an SAQ.

What are you waiting for?

You are just a conversation away from putting the power of Continuum GRC to work for you. 

Contact us using the form below or calling us at 1-888-896-6207 for immediate assistance.

Amazing Benefits