Any retailers still unsure whether their data security standards can pass muster now have a new way to see how safe (or not) customer data really is.

The Payment Card Industry Council has published a detailed set of “self-assessment questionnaires” for small and medium-sized retailers, who typically aren’t required to have their data security reviewed by outside auditors. The guidance addresses hundreds of scenarios; according to the PCI Council, it will go a long way to simplifying the self-assessment process for merchants and security consultants worried about PCI compliance.

The self-assessment questionnaires (known as SAQs) first divide merchants into broad categories. SAQ ...