Practical advise on completing PCI DSS SAQ [migrated]
I have established that my business needs to complete a PCI DSS SAQ-D form for attesting PCI compliance... twice - once as a merchant and once as a service provider!
Even completing it once is a substantial undertaking, considering the size of the documents in question (over 100 pages each).
These documents are provided as PDFs. Seemingly I need to print these out and complete them by hand (and then likely scan them back into digital form for storage and delivery to requesting entities), begging the question of which century I am presently in.
Can anybody who has been through this process provide practical advice on how best to complete this document in digital form so that:
- I can save the planet and my budget by minimising wasted paper and printer ink
- Save the work as I proceed and allow the burden to be more easily shared with colleagues
- Allow me to revisit the form in future years and adjust answers as needed, rather than having to start from scratch (and cut down another tree in the process)
Will purchasing a copy of Adobe Acrobat make my life any easier in this respect? That is, do the documents in question actually contain form elements that Acrobat would enable me to fill in and check boxes for?
On a final note, I know this is not a technical question regarding information security per se, but it seems to fall between stools as far as SE site topics go. I am hoping members of this particular site may have some helpful suggestions from experience given the adjacency of subject matter. If this is not the right place though, any suggestions for an alternate site are gratefully accepted.
