SAQ Management Overview
Monitor and manage PCI DSS Self-Assessment Questionnaire compliance for your merchants.
Preczn provides built-in SAQ (Self-Assessment Questionnaire) management so you can track and maintain PCI DSS compliance across your merchant portfolio. Create, sign, and manage SAQs through the API, monitor compliance status in the Dashboard, and transmit signed documents directly to supported processors.
What is an SAQ?
A Self-Assessment Questionnaire (SAQ) is a PCI DSS compliance validation tool. Merchants that accept card payments must complete and maintain a current SAQ to demonstrate that their cardholder data security practices meet industry standards.
Preczn currently supports SAQ Type A, designed for e-commerce merchants with card-not-present payment processing (PCI DSS 4.0.1).
SAQ Lifecycle
Every SAQ follows a two-state lifecycle:
- Draft — The SAQ has been created but is not yet signed. Draft SAQs can be updated, and a draft PDF can be downloaded for review.
- Signed — The SAQ has been signed and is now valid for compliance. Signed SAQs are immutable and cannot be modified. The expiration date is automatically set to 365 days from the signing date.
Once an SAQ expires, the merchant needs to complete a new one.
Only signed SAQs count toward compliance. A merchant with only draft SAQs is treated the same as a merchant with no SAQ on file.
Two Paths to a Signed SAQ
There are two ways to produce a signed SAQ:
| Method | Description | When to Use |
|---|---|---|
| Generate & Sign | Create a draft SAQ via the API, populate it with merchant and questionnaire data, then sign it. Preczn generates the completed PDF from your SAQ template. | You want to build an SAQ completion workflow in your application using the Preczn API. |
| Upload Signed PDF | Upload an externally-signed SAQ PDF (e.g., completed and signed outside of Preczn via DocuSign, Adobe Sign, or another tool). | The merchant completes their SAQ outside of your platform and you need to record it in Preczn. |
Both methods result in a signed SAQ with a 365-day expiration and automatically update the merchant's lastSignedSAQ and lastSignedSAQExpiresOn fields.
See the SAQ Integration Guide for step-by-step implementation details.
Tracking Compliance
Preczn gives you two ways to monitor SAQ compliance, depending on whether you're working in the Dashboard or building with the API.
In the Dashboard
The Preczn Dashboard calculates a compliance status for each merchant and displays it as a color-coded badge on the SAQ tab:
| Status | Condition | What It Means |
|---|---|---|
| Compliant | Valid signed SAQ that expires more than 90 days from now | The merchant is in good standing. No action needed. |
| Expiring Soon | Valid signed SAQ that expires within 90 days | The merchant should begin the renewal process. |
| Expired | The most recent signed SAQ has passed its expiration date | The merchant is no longer compliant and needs a new SAQ immediately. |
| No SAQ | No signed SAQ on file | The merchant has never completed an SAQ through Preczn. |
This is a convenience for platform operators — the Dashboard does the date math and presents a ready-made status. See Managing SAQs in the Dashboard for a full walkthrough.
Via the API
The API does not return a calculated compliance status. Instead, it provides the raw data points you need to determine compliance on your own terms:
- Each merchant includes lastSignedSAQExpiresOn — the expiration date of their most recent signed SAQ
- The List Merchants endpoint supports query parameters to filter merchants by SAQ expiration:
  - saqExpired — find merchants whose SAQ has expired or who have no SAQ on file
  - saqExpiringWithinDays — find merchants whose SAQ expires within a given number of days
This gives you the flexibility to define your own compliance thresholds, build custom alerting, or integrate SAQ status into your existing reporting. See the SAQ Integration Guide for examples.
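Because the API returns only the raw expiration date, the sketch below reproduces the Dashboard's four statuses from lastSignedSAQExpiresOn and builds a renewal queue ordered by urgency. It is an added example, not Preczn code. It assumes the field is an ISO 8601 string (null when no signed SAQ exists), that values without a timezone are UTC, and that the merchant "id" key and the sample records are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

EXPIRING_SOON_WINDOW = timedelta(days=90)  # Dashboard threshold from the status table

def parse_expiry(value):
    """Parse lastSignedSAQExpiresOn (ISO 8601 assumed) into an aware UTC datetime."""
    if not value:
        return None  # assumption: null/absent means no signed SAQ on file
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive values are UTC
    return dt.astimezone(timezone.utc)

def saq_status(merchant, now):
    """Reproduce the four Dashboard statuses from the raw expiration date."""
    expires = parse_expiry(merchant.get("lastSignedSAQExpiresOn"))
    if expires is None:
        return "No SAQ"
    if expires <= now:  # assumption: expiring exactly now counts as expired
        return "Expired"
    if expires - now <= EXPIRING_SOON_WINDOW:
        return "Expiring Soon"
    return "Compliant"

def action_queue(merchants, now):
    """Return (id, status) for merchants needing action, most urgent first."""
    rank = {"Expired": 0, "No SAQ": 1, "Expiring Soon": 2}
    rows = []
    for m in merchants:
        status = saq_status(m, now)
        if status in rank:
            expires = parse_expiry(m.get("lastSignedSAQExpiresOn")) or now
            rows.append((rank[status], expires, m["id"], status))
    return [(mid, status) for _, _, mid, status in sorted(rows)]

# Constructed sample data; "id" is a hypothetical key, not taken from the API.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE_MERCHANTS = [
    {"id": "mid_a", "lastSignedSAQExpiresOn": "2026-03-01T00:00:00Z"},
    {"id": "mid_b", "lastSignedSAQExpiresOn": "2025-08-30T00:00:00Z"},  # exactly 90 days
    {"id": "mid_c", "lastSignedSAQExpiresOn": "2025-05-31"},  # date-only, already past
    {"id": "mid_d", "lastSignedSAQExpiresOn": None},  # never signed
    {"id": "mid_e", "lastSignedSAQExpiresOn": "2025-08-31T00:00:00Z"},  # 91 days
]

if __name__ == "__main__":
    for mid, status in action_queue(SAMPLE_MERCHANTS, NOW):
        print(mid, status)
```

Passing the current time in as an argument keeps the boundary cases (exactly 90 days, date-only values, missing field) testable against a fixed clock.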
Capabilities
API
The SAQ API is the primary interface for managing SAQs. Most SAQ operations are headless, meaning you build your own UI and use the Preczn API to drive the workflow. The API supports:
- Creating and updating draft SAQs with merchant data and questionnaire responses
- Downloading draft PDFs for review before signing
- Signing SAQs to generate a completed PDF from your template
- Uploading externally-signed PDFs for SAQs completed outside your platform
- Downloading signed PDFs for archival or audit purposes
- Transmitting signed SAQs to supported processors (currently Payrix)
- Listing all SAQs for a merchant with pagination
- Filtering merchants by SAQ expiration status
See the SAQ Integration Guide for implementation walkthroughs, and the SAQ API Reference for full endpoint documentation.
Dashboard
The Dashboard provides SAQ visibility at two levels:
- Merchant Vault — An optional SAQ Expiration Date column lets you scan expiration dates across your entire merchant portfolio without opening individual records.
- SAQ Tab (Merchant Detail) — A detailed view of a single merchant's compliance, including:
  - Compliance status badge calculated automatically from the merchant's SAQ expiration date
  - Last Signed SAQ and Expires On cards for quick reference
  - SAQ history table with all draft and signed SAQs for the merchant
  - One-click PDF download for signed SAQ documents
  - Click-to-copy SAQ IDs for easy reference in support or API calls
See Managing SAQs in the Dashboard for a full walkthrough.
