SAQ A merchant manual
Section 1 – Departmental Merchant Agreement
Section 2 – Annual PCI Self-Assessment Questionnaire
Section 3 – Cardholder Data Flow Diagram
Section 4 – Department Policies and Procedures and Annual Policy Acknowledgment
Section 5 – Third-Party Service Providers Documentation
Section 6 – PAN Scan Results
Section 7 – Training log
SAQ A Merchant Manual Yearly Upkeep Steps
- Review your policies and procedures annually and note in the "Revision History" of your policies that the review took place.
- Distribute the new policies to your staff and have them complete the Annual Policy Acknowledgment.
- Complete and sign the SAQ A annually.
- Make sure your 3rd party documentation is updated annually.
- Make sure to have a new PAN scan performed annually.
- Enroll staff, complete the annual online security training, and update your training log.
SAQ B merchant manual
Section 1 – Departmental Merchant Agreement
Section 2 – Annual PCI Self-Assessment Questionnaire
Section 3 – Cardholder Data Flow Diagram (use the data flow from the Operational policies and procedures)
Section 4 – Department Policies and Procedures and Annual Policy Acknowledgment
Section 5 – Third-Party Service Providers Documentation
Section 6 – PAN Scan Results
Section 7 – Terminal Security Section
Capture Device Periodic Inspection Procedures
Capture Device Periodic Inspection Log
Section 8 – Training log
SAQ B Merchant Manual Yearly Upkeep Steps
- Review your policies and procedures annually and note in the "Revision History" of your policies that the review took place.
- Distribute the new policies to your staff and have them complete the Annual Policy Acknowledgment.
- Complete and sign the SAQ B annually.
- Make sure your 3rd party documentation is updated annually.
- Make sure to have a new PAN scan performed annually.
- Enroll staff, complete the annual online security training, and update your training log.
- Perform your periodic physical inspections of your terminal(s).
P2PE merchant manual
Section 1 – Departmental Merchant Agreement
Section 2 – Annual PCI Self-Assessment Questionnaire
Section 3 – Cardholder Data Flow Diagram (use the data flow from the Operational policies and procedures)
Section 4 – Department Policies and Procedures and Annual Policy Acknowledgment
Section 5 – Third-Party Service Providers Documentation
Section 6 – PAN Scan Results
Section 7 – Terminal Security Section
Capture Device Periodic Inspection Procedures
Capture Device Periodic Inspection Log
Section 9 – Training log
Section 10 – PIM (P2PE Installation Manual)
SAQ P2PE Merchant Manual Yearly Upkeep Steps
- Review your policies and procedures annually and note in the "Revision History" of your policies that the review took place.
- Distribute the new policies to your staff and have them complete the Annual Policy Acknowledgment.
- Complete and sign the SAQ P2PE annually.
- Make sure your 3rd party documentation is updated annually.
- Make sure to have a new PAN scan performed annually.
- Enroll staff, complete the annual online security training, and update your training log.
- Perform your periodic physical inspections of your terminal(s).
- Review your PIM (P2PE Installation Manual) annually to ensure it is up to date.
Reviewed 2024-07-10