The Company PCI DSS page (Fig. 1) allows you to manage the selected company’s SAQ Templates and SAQ Groups for use with Mako’s Merchant PCI services. See the PCI DSS Summary documentation for details regarding Merchant PCI services. You must have both an active PCI DSS License and an active PCI Enhanced Services License in order to access Merchant PCI services.
Merchant PCI services require installation of a dedicated scanning appliance in your network and application of firewall settings that allow it to scan restricted zones.
The Company PCI DSS page has two tabs: SAQ Templates and SAQ Groups.
SAQ Templates allow you to pre-fill settings and answers to apply to multiple SAQs, eliminating the need to enter these responses every time you create an SAQ. Also, having multiple templates means you can segment your SAQ responses. For example, you can create separate templates for locations using Gilbarco and for those using Verifone.
SAQ Groups allow you to group related SAQ Templates together, as well as to specify additional settings for submitting SAQs. For example, you can create separate groups of templates for locations using Gilbarco and for those using Verifone and loop in your appropriate compliance personnel for each of those systems.
The SAQ Templates tab displays a list of existing SAQ Templates and a form for creating new SAQ Templates for the selected company.
View SAQ Templates
The SAQ Templates list (Fig. 2) displays the selected company’s existing SAQ Templates.
- [Edit] – edit button
- Name – name of template
- Version – version of PCI DSS used to check compliance
- Scope – whether or not template is shared with customer companies
- [Delete] – delete button
Edit SAQ Template (SAQ Template Wizard)
To edit an existing SAQ Template, click its gear icon button. This will open the SAQ Template Wizard (Fig. 3) in a new window. Use the wizard to make and save changes to the SAQ Template.
The SAQ Template Wizard steps you through the SAQ sections and allows you to pre-fill information for later use in actual SAQ submissions. You may provide as little or as much information as desired.
When multiple SAQ Templates apply to a single SAQ, the pre-filled information will be combined. In cases of conflicting values (excluding blanks), the least compliant value will be used. For example, if the first template specifies “Yes” for a requirement, and the second template specifies “Yes with CCW” for the same requirement, then the value used will be “Yes with CCW.”
The Section dropdown at the top of the wizard can be used to navigate to a particular numbered section of the SAQ Template or to view the entire template at once using the “Single page view” option at the bottom of the list. The “Section 0” option at the top of the list takes you to the first step, available to all templates, where you provide some basic information about the template itself. The other numbered sections available and the content within them will depend on the version of PCI DSS assigned to the template.
A set of buttons appears both above and below the current template section being viewed in the wizard: “Previous” and “Next” buttons for navigating through the sections sequentially, and “Save” buttons for saving any changes to the SAQ Template.
Delete SAQ Template
To delete an existing SAQ Template, click its minus icon button. This will open a confirmation panel asking you to confirm the deletion. If you are certain you want to delete the SAQ Template, click the “OK” button.
Add SAQ Template
Use the Add SAQ Template form (Fig. 4) to create a new SAQ Template for the selected company.
Enter a unique, informative, and memorable name for this SAQ Template.
Choose whether this SAQ Template should be available to the selected company and its customers, as well, or only the selected company.
Choose the version of PCI DSS to use when checking compliance with this SAQ Template.
Add SAQ Template Button
Click the “Add SAQ Template” button to create a new SAQ Template with these settings.
After creating an SAQ Template, you will need to manually launch the wizard that allows you to pre-fill and save answers to SAQ questions. See Edit SAQ Template above.
The SAQ Groups tab (Fig. 5) displays a list of existing SAQ Groups and a form for creating new SAQ Groups for the selected company.
View SAQ Groups
The SAQ Groups list (Fig. 6) displays the selected company’s existing SAQ Groups.
- [Edit] – edit button
- Name – name of group
- Templates – templates assigned to group
- Emails – email addresses copied on group’s SAQs
- [Delete] – delete button
Edit SAQ Group
To edit an existing SAQ Group, click its gear icon button. This will open the Edit SAQ Group form (Fig. 7) in a new window. Make any desired changes, then click the “Save” button.
Delete SAQ Group
To delete an existing SAQ Group, click its minus icon button. This will open a confirmation panel asking you to confirm the deletion. If you are certain you want to delete the SAQ Group, click the “OK” button.
Add SAQ Group
Use the Add SAQ Group form (Fig. 8) to create a new SAQ Group for the selected company.
Enter a unique, informative, and memorable name for this SAQ Group.
Choose the existing SAQ Templates to assign to this SAQ Group.
This is a list of email addresses that will be copied whenever an SAQ using one of the assigned SAQ Templates is submitted.
Enter the first email address, then click the plus icon button. Repeat, as needed.
To remove an email address from the list, click its minus icon button.
Add SAQ Group Button
Click the “Add SAQ Group” button to create a new SAQ Group with these settings.