Complete PCI DSS 4.0.1 SAQ Suite Launching August 1 – Tailored, Accurate, and Easier to Use

chris.lyons

We’re pleased to announce that updated Frameworks, Assessments, and Task Packs for all PCI DSS 4.0.1 Self-Assessment Questionnaires (SAQs) will be available in the product starting August 1st.

Previously, we only provided SAQ D for Service Providers, which—while technically usable by all entity types—included every PCI DSS control, even those not required for many organizations. This often resulted in unnecessary complexity for companies with more limited compliance needs. With this update, we now offer each SAQ as an individual, dedicated experience, allowing organizations to select and work with the version that best aligns with their environment—while still maintaining access to the full version if needed.

This release includes full support for:

• SAQ A
• SAQ A-EP
• SAQ B
• SAQ B-IP
• SAQ C
• SAQ C-VT
• SAQ D for Merchants
• SAQ D for Service Providers
• SAQ P2PE
• SAQ SPoC

These were developed directly from the official PCI DSS 4.0.1 documentation to ensure full alignment with the current standard. Each SAQ version includes:

• Frameworks with accurately mapped requirements
• Assessments tailored to the structure of each SAQ type
• Task Packs that generate remediation tasks based on compliance gaps

The core content is finalized and ready for implementation. These updates are fully capable of supporting PCI assessments against 4.0.1 requirements.

Please note that some components are not included in this release. These include the pre-assessment forms that capture contextual and organizational details (such as company name, service provider declarations, and environment descriptions), as well as post-assessment elements like signature forms and attestation sections. The Attestation of Compliance (AOC) and the official PCI DSS reporting format are also not included at this time. Reporting options from previous versions remain available and unchanged.

All components not included in this release are currently in development and will be released as they are completed.

If you’re managing PCI compliance using any of the SAQs, these updates provide a strong foundation to begin your assessments and drive remediation efforts. Let us know if you’d like help getting started or tailoring the content to your needs.