Frequently Asked Questions

< Back to search page

Do QSAs and ASVs need to send reports of compliance (ROCs) or scanning results to the PCI Security Standards Council directly?

FAQ Response

No. QSAs and ASVs do not send reports of compliance or scanning results to the PCI Security Standards Council, and they should continue to follow the payment brand specific procedures.

February 2008
Article Number 1014

What date should be used for “Date of Report” in the ROC?

Does a QSA need to be onsite at the client’s premises for all aspects of a PCI DSS assessment?

Are operating systems that are no longer supported by the vendor non-compliant with the PCI DSS?

Is MPLS considered a private or public network when transmitting cardholder data?

What does “Servicing Markets” on the QSA listing mean?

Frequently Asked Questions

Do QSAs and ASVs need to send reports of compliance (ROCs) or scanning results to the PCI Security Standards Council directly?

Related Articles