Frequently Asked Questions

< Back to search page

Can I report on my Prioritized Approach progress instead of producing a Report on Compliance or Attestation of Compliance?

FAQ Response

The PCI SSC does not manage the process for reporting PCI DSS compliance. Please check with your acquiring bank or payment card brands for this information.

August 2013
Article Number 1257

What is an Attestation of Compliance?

Can an Attestation of Compliance (AOC) be provided to an assessed entity before the Report on Compliance (ROC) is finalized?

Which service provider category should I use for Part 2 of the PCI DSS Attestation of Compliance (AOC) for Service Providers?

What date should be used for “Date of Report” in the ROC?

Can the AOC be redacted to protect sensitive information?

Frequently Asked Questions

Can I report on my Prioritized Approach progress instead of producing a Report on Compliance or Attestation of Compliance?

Related Articles