Frequently Asked Questions

< Back to search page

Do QSAs and ASVs need to send reports of compliance (ROCs) or scanning results to the PCI Security Standards Council directly?

FAQ Response

No. QSAs and ASVs do not send reports of compliance or scanning results to the PCI Security Standards Council, and they should continue to follow the payment brand specific procedures.

February 2008
Article Number 1014

Are operating systems that are no longer supported by the vendor non-compliant with the PCI DSS?

Does a QSA need to be onsite at the client’s premises for all aspects of a PCI DSS assessment?

Is MPLS considered a private or public network when transmitting cardholder data?

How does my company become a qualified assessor (QSA, PA-QSA, QSA (P2PE), PA-QSA (P2PE)), or Approved Scanning Vendor (ASV)?

What date should be used for “Date of Report” in the ROC?

Frequently Asked Questions

Do QSAs and ASVs need to send reports of compliance (ROCs) or scanning results to the PCI Security Standards Council directly?

Related Articles