LRQA Nettitude Blog

Many organisations accepting card payments see SAQ A as the target operating model, as this has the most effect on reducing the PCI DSS requirements with which an organisation must comply. It does not come without risks though, as the third-party service providers you have engaged with must always maintain their compliance to support yours.

So, what remains the same, and what has changed with the arrival of PCI DSS v4.0? The first blog of this series explained the core format changes for all the SAQs, here we turn to the specifics around SAQ A.

The PCI Security Standards Council (SSC) published PCI DSS v4.0 on the 31st March 2022. The combined efforts by the SSC, payments brands, participating agents, and QSA the community have yielded a significant overhaul that promises to provide a framework for securing payment card information in the future.

There has since been a lot of activity surrounding the release, which gives rise to a problem. With such an overhaul, people are suffering from information overload and are unable to find a starting point for their organisations. Nettitude will break down what the changes mean and what a merchant or service provider needs to migrate, starting with a series of blogs discussing changes to self-assessment questionnaires allowing you to quickly start forming your plan to move to PCI DSS v4.0.