The Self Assessment Questionnaire (SAQ) is like a ROC in that it has an executive summary, PCI DSS requirements and subrequirements, and an appendix. The SAQ uses the same twelve (12) PCI DSS questions and testing procedures; however, the results of the testing procedures are not written out in detail. The results are recorded in a check box to indicate if the requirement is in place, in place with a compensating control, not in place, or not applicable.
