PCI DSS provides several compliance validation tools, such as:

  • On-site Annual Security Audit

A detailed on-site compliance assessment performed by a PCI SSC certified QSA (Qualified Security Assessor) or by a certified ISA (Internal Security Assessor). The audit is a detailed review of an organization’s card data environment that results in a RoC (Report on Compliance) and AoC (Attestation of Compliance).

  • Self Assessment Questionnaire (SAQ)

A validation tool primarily used by merchants and service providers that are not required to undergo an on-site assessment, for self-evaluating their compliance with the PCI DSS.

  • External Vulnerability Scan

External network vulnerability scanning, performed quarterly by a PCI SSC Approved Scanning Vendor (ASV), of all Internet-facing system components that are a part of or provide a path to the cardholder data environment.