The PCI Security Standards Council makes copies of the Attestation of Compliance (AOC) reporting templates for download as both PDFs and as editable Microsoft Word DOCX documents in their Document Library. Which AOC template you will use depends on the type of assessment you’re going through. If it’s an Onsite Assessment, you’ll be using an onsite AOC. If…
Author: Pete
Where can I download PCI DSS ROC template?
The PCI Security Standards Council has copies of the Report of Compliance (ROC) reporting template available to download as a PDF in their Document Library. The direct link to download the version 3.2.1 ROC reporting template is: https://www.pcisecuritystandards.org/documents/PCI-DSS-v3_2_1-ROC-Reporting-Template.pdf The PCI Security Standards Council also have AOC reporting templates available.
What is a PCI QSA?
When you’re dealing with PCI DSS compliance, the term QSA comes up a lot. So what is a QSA? It’s a good question, because the term ‘QSA’ can refer to at least 3 related things. The term QSA itself stands for Qualified Security Assessor, which is a qualification issued by the PCI Security Standards Council.…
What is the PCI Dream Team?
You don’t have to spend too much time researching the world of PCI DSS compliance to hear of the “PCI Dream Team.” So who are they, and what do they do? The name “PCI Dream Team” is a somewhat tongue-in-cheek name for a group of 4 senior QSAs and security consultants. Collectively they’ve been in…
What is a PCI DSS AOC?
If you’re asking this question, you probably already know that the PCI DSS is the Payment Card Industry Data Security Standard. So what’s the PCI DSS AOC? Well, AOC stands for Attestation of Compliance, and it’s a document that shows your company complies with the requirements in the PCI DSS itself. Companies subject to the…
What does PCI DSS stand for?
Simply, PCI DSS stands for the Payment Card Industry Data Security Standard. Here, Payment Card Industry refers to companies handling payment card data belonging to one of the 5 payment card brands: American Express, Discover, JCB, Mastercard, and Visa. In the mid-2000’s these 5 companies formed the PCI Security Standards Council to oversee development of…
What are Merchant Levels for PCI compliance?
You’ll find lots of sites out there listing PCI merchant compliance levels. They mostly make straightforward statements like “PCI requires merchants of transaction volumes over 6 million per year to be level 1”. This is a nice, simple approach. Unfortunately, it’s also wrong in a couple of different ways. PCI DSS doesn’t have any requirements…
What is Level 1 PCI DSS Compliance?
This is another good question. If you search the PCI Council site (the maintainers of the PCI DSS suite), you won’t find any tables outlining different levels of compliance at all. There’s a reason for that, which is to do with how the PCI DSS first came to be. Historically, the various card brands including…
What is a PCI Compliance Certificate?
Working at MasterCard and Visa level 1 organizations, I’ve been asked for my “PCI Certificate” on a regular basis. But in the PCI DSS world, there is nothing called a PCI Certificate. So what’s really being requested? Ultimately, a PCI compliance certificate would be a piece of evidence showing that a company complies with the…
The Best PCI DSS Advice
I’ve been working in the card processing space for almost 20 years, which means I’ve seen PCI DSS evolve from its earliest days to its current form. In that time I’ve worked with lots of outside companies as clients and service providers. PCI DSS is sometimes thought of as a very strict standard, one that…