PCI DSS Assessments & Reporting from a Trusted Name
PCI DSS assessment reporting is the culmination of activities that allow an approved Qualified Security Assessor (QSA) to assist in preparing and/or issuing the documentation required by the major payment brands. The most commonly used term is the Report on Compliance (ROC), which Visa requires from Service Providers and Merchants. Because of Visa's large market share, ROC is a common phrase throughout the industry. However, other major payment brands also have reporting requirements, such as the Discover DISC Attestation of Compliance form and the MasterCard Certificate of Validation. Additionally, American Express calls for an annual Executive Summary of Onsite Security Audit Report. The major payment brands use further terms and phrases to describe other reporting requirements. Currently, JCB does not have any reporting requirements, but it does have a useful website with information on PCI compliance.
Think of the onsite fieldwork and consulting done by a Qualified Security Assessor (QSA) as the groundwork that helps your organization meet the specific reporting requirements for PCI DSS compliance.
Author: Charles Denyer