howtocompletethequestionnaire.docVIP

How to Complete the Questionnaire The questionnaire is divided into six sections. Each section focuses on a specific area of security, based on the requirements included in the PCI Data Security Standard. For any questions where N/A is marked, a brief explanation should be attached. Questionnaire Reporting The following must be included with the self-assessment questionnaire and system perimeter scan results: Organization Information Corporate Name: DBA(s): Contact Name: Title: Phone: E-mail: Approximate number of transactions/accounts handled per year: Please include a brief description of your business. Please explain your business’ role in the payment flow. How and in what capacity does your business store, process and/or transmit cardholder data? List all Third Party Service Providers Processor: Gateway: Web Hosting: Shopping Cart: Co-Location: Other: List Point of Sale (POS) software/hardware in use:  Rating the Entire Assessment After completing each section of the assessment, users should fill in the rating boxes as follows: In each section IF… THEN the section rating is… ALL questions are answered with “yes” Green – The merchant or service provider is compliant with the self-assessment portion of the PCI Data Security Standard. Note: If “N/A” is marked, attach a brief explanation. ANY questions are answered with “no” Red – The merchant or service provider is not considered compliant. To reach compliance, the risk(s) must be resolved and the self-assessment must be retaken to demonstrate compliance. Section 1: Green Red Section 4: Green Red Section 2: Green Red Section 5: Green Red Section 3: Green Red Section 6: Green Red Overall Rating: Green Red  Build and Maintain a Secure Network Requirement 1: Install and maintain a firewall configuration to protect data Description Response 1.1 Are all router, switches, wireless access points, and firewall configurations secured and do they c