Payment Card Industry (PCI-DSS) Security Assessment Questionnaire
Organization Information
Organization Name
Contact Person
Email
Phone
Assessment Date
Cardholder Data Environment
1. Does your organization store, process, or transmit cardholder data?
Yes
No
2. Describe the types of payment channels you use:
3. List all systems/networks in the cardholder data environment (CDE):
PCI-DSS Control Questions
4. Are firewalls and routers in place and configured to protect cardholder data?
Yes
No
N/A
5. Is cardholder data encrypted during transmission across open, public networks?
Yes
No
N/A
6. Are anti-virus mechanisms deployed and regularly updated on all systems?
Yes
No
N/A
7. Are unique IDs assigned to each person with computer access?
Yes
No
N/A
8. Are security policies formally documented and reviewed annually?
Yes
No
N/A
Comments / Notes
Assessor Signature
Name
Date