What are the accepted PCI documents?

PCI DSS validation documents

We accept only official PCI DSS validation documents listed in the PCI SSC’s document library.

• For merchants and service providers classified as Level 1, we only accept an Attestation of Compliance (AoC) signed by you and the Qualified Security Assessor (QSA).
• Any unofficial PCI SSC certificates or documents by a third party aren’t accepted.

What is a RoC?

A Report on Compliance (RoC) is a report documenting detailed results from an entity’s PCI DSS onsite assessment.

Don’t share your RoC

Your RoC must remain confidential as it contains information about your internal infrastructure, policies, process, and organization. We’ll never ask you to share your RoC with us. You should only share with us your AoC, which is a summary of your RoC.