Everything is computed in your browser from your own answers. Never enter card numbers here.
Your SAQ is the starting line, not the finish.
This free check names your likely SAQ and samples five controls. The paid PCI DSS v4.0 Readiness & Gap Analysis confirms your SAQ with full rationale and scope, marks every one of the 12 PCI DSS v4.0 requirements covered, partial, or gap, and hands you a prioritized 30/60/90 remediation roadmap with the evidence your assessor will ask for. PDF in your inbox within hours.
Methodology & honest limits
Your SAQ type is determined from how you reported accepting cards, using the same logic as our paid engine and the PCI SSC SAQ eligibility rules. It is indicative, a starting point to confirm against the current PCI SSC SAQ Instructions and, where applicable, your acquiring bank or a Qualified Security Assessor.
This is a directional self-assessment, not a QSA assessment, not a completed SAQ, and not a signed Attestation of Compliance. It does not certify or guarantee PCI DSS compliance. The five-control readiness read is a sample, so your real exposure can be wider. “Not sure” is scored as a gap on purpose: a control you can’t evidence is a control you can’t claim.