Understanding the Challenge
Self Assessment Questionnaires can cause more anguish for the people who need to complete them, and more complications for those needing them to be completed, than almost any other aspect of compliance.
For example, the PCI-DSS Compliance Policy, which seeks to protect the sensitive information associated with credit card transactions, requires the small traders and merchants who take credit card payments to be compliant, as well as the giant financial institutions who transact those payments between the banks. As the majority of these merchants will be small organisations such as shops or sole traders, provision is made for them to fill out Self Assessment Questionnaires to attest to their compliance, rather than send an army of Auditors out to assess them all.
If you think that the challenge of compliance is difficult for a Compliance Manager who can call on subject matter experts to help with the bewildering array of topics, then imagine how hard it can be for a sole trader who has to understand it all, and act on every requirement alone, in order to be able to then confidently declare themselves compliant.
The real risks associated with a lack of understanding, incorrect implementation of policies, processes and technologies, or incorrect declarations, fall squarely in the laps of the institutions who receive those Self Assessments. This is because, if the merchant isn't compliant, then the institution isn't compliant either, and it will undoubtedly be fined more money for this than it could ever recover from the merchant!
Opt-Sec Compliance Systems include a solution specifically designed to help with the completion, submission and management of Self Assessment Questionnaires.
For those needing to complete SAQs
To satisfy the needs of those people who need to complete and submit Self Assessment Questionnaires, Opt-Sec Compliance Systems help them to meet and overcome two critical challenges:
The first challenge is to learn about compliance. By explaining the compliance process, as it applies to them, and by breaking the SAQ down in a way that makes it more obvious what is expected of them, Opt-Sec Compliance Systems take as much of the anguish and hard work out of the completion of a SAQ as possible. Simple explanations in plain English and easy-to-follow guidelines are delivered on a web-based user interface that educates the user at the same time as it gathers all the required information.
The second challenge is to become compliant. Simply answering questions is not going to lead to compliance. The implication of the questions asked is that, in order to be compliant, the answer should always be affirmative. By helping to clarify the questions, the Opt-Sec Compliance Systems explain what the respondent needs to change in terms of policies, processes and technology in order to be able to confirm, through the SAQ, that they are compliant.
For those needing to manage SAQs
To satisfy the needs of those people who request Self Assessment Questionnaires and must then manage them on their return, Opt-Sec Compliance Systems also help them to meet and overcome two critical challenges:
The first challenge is to help the respondents with their compliance and with the SAQ. The fact that the Opt-Sec Compliance System is educating the respondents and helping them to make the required changes AND complete the SAQ takes a huge amount of work away and this represents massive savings in time, effort and associated costs.
The second challenge is to manage the SAQ process. For many organisations, there are thousands, and sometimes tens of thousands, of respondents who need to be compliant. Unless some form of online SAQ is used, this involves printing and sending questionnaires, chasing them up, receiving them all back again (hopefully), calling people to clarify responses, collating the information and then reporting the results. Because the Opt-Sec Compliance Systems provide secure access via an easy-to-follow web-based user interface, help people to complete the SAQ accurately, collate the responses AND provide full reports on overall progress and compliance status, the previously manual, onerous and error-ridden process is now fully automated and provides better results.