Report on Compliance
E830578
Report on Compliance is a formal PCI DSS assessment document produced by a Qualified Security Assessor that details an organization’s adherence to payment card data security requirements.
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf | PCI DSS assessment document; compliance report |
| assessmentType | point-in-time assessment |
| associatedWith | PCI Security Standards Council |
| audience | acquirers and payment brands; internal risk and compliance teams |
| basedOn | PCI Security Standards Council ROC template |
| confidentiality | restricted distribution |
| describes | organization’s cardholder data environment; scope of PCI DSS assessment |
| documents | final compliance determination; identified gaps and remediation status; sampling approach for systems and locations; testing methodology used by QSA |
| evidenceType | documentation review; interviews; technical testing |
| format | formal written report |
| frequency | typically annual |
| governsStandard | PCI DSS |
| hasAbbreviation | ROC |
| includes | assessment of each PCI DSS requirement; attestation of compliance section; compensating controls; description of segmentation controls; detailed testing procedures; evidence of policies and procedures; executive summary; list of in-scope systems and locations; test results |
| language | typically English |
| lifecycleStage | produced after completion of onsite assessment |
| producedBy | Qualified Security Assessor |
| producedFor | acquiring bank; assessed organization; payment card brands |
| purpose | demonstrate PCI DSS compliance status; document adherence to PCI DSS requirements; provide detailed evidence of security controls |
| regulates | cardholder data security controls |
| requiredBy | payment brands for Level 1 merchants; payment brands for certain service providers |
| scopeIncludes | people, processes, and technologies handling cardholder data |
| signedBy | Qualified Security Assessor company; assessed organization’s officer |
| usedFor | merchant compliance validation; service provider compliance validation; supporting evidence for Attestation of Compliance |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.