For this section, we are assuming that you have already determined that you are eligible to complete SAQ D-Light. For more details about determining which SAQ is appropriate for your hotel, please refer to the Determining the Type of SAQ section.
SAQ Overview
The PCI DSS Self-Assessment Questionnaire consists of Requirements 1-12, each relating to a different aspect of payment card security. Each requirement consists of a number of sub-requirements or ‘controls’.
The controls for each requirement are listed under each tab in the navigation bar, and all questions are required to be answered.
For each question (requirement), you must assign one of the following statuses from the drop-down list provided:
• In Place: Select this status if your environment meets the requirement. For example, if there are video cameras installed to protect sensitive areas (e.g., reception, the back office), then set the status for question 9.11a to In Place.
• Not In Place: Select this status if your environment does not meet the requirement. For example, if quarterly internal network scans are not (to the best of your knowledge) performed, then set the status for question 11.2.3(a) to Not in Place.
• Not Applicable: Select this status if you believe a particular requirement does not apply to your environment. For example, if you do not employ wireless technology (this is highly unlikely) in any capacity, then set the status for question 11.1.1 to Not Applicable.
• Compensating Control: The requirement is in place by means of a Compensating Control.
• Not Tested: Select this status if the requirement has not been evaluated.
Additionally, you are only required to answer the questions written on a dark blue header. Questions written on a light blue header are to be completed by the Accor organization.
Once you are on the SAQ page, you have a few options in order to browse through the questionnaire. Since you were eligible for SAQ D-Light, make sure to select the correct tab at the top of the screen. By default, it should already be selected.
To answer a question, select a status from the drop-down menu as exemplified on the picture below:
Whenever you select the status 'Not Applicable' or 'Compensating', a data entry field appears below your answer, wherein you may give an explanation as to why you elected to answer the question that way.
In order for your hotel to be compliant, all questions must be answered with either an 'In Place' status, or a 'Not Applicable' one, provided you can prove in what ways the requirement does not apply to your hotel environment.
If you assign even a single 'Not in Place' status, your hotel is deemed non-compliant in terms of SAQ D-Light.
Once all questions have been answered, proceed to step 3: Attestation of Compliance.