Blog Posts Tagged with "PCI ROC"


A Reason Why the PCI Standards Get No Respect

May 11, 2012 Added by:PCI Guru

The PCI SSC only requires its assessors document the services they provide in their assessment reports. While that offers a certain amount of transparency, when you read some of these ROCs, it becomes painfully obvious that some QSACs are assessing their own security services...

Comments  (0)


It is Time to Address PCI Compliance Reporting

September 22, 2011 Added by:PCI Guru

The QA process: it all comes down to having used the correct language in responding to the ROC, rather than whether or not you actually assessed the right things. To add insult to injury, the PCI SSC advises QSACs to develop a template for the ROC with all the correct language written and proofed...

Comments  (3)


Card Brand Merchant Level Tables

September 08, 2011 Added by:PCI Guru

Sometimes you can negotiate with your processor or acquiring bank to get your multiple legal entities treated as a single entity and do one compliance filing. The key is that you need to negotiate this change before you start your PCI compliance efforts, not after the fact...

Comments  (1)