What is the PCI DSS Attestation of Compliance?
If your company handles credit card data electronically, it must attest annually that it complies with the Data Security Standard. This involves delivering a package of two or three items:
- Self-Assessment Questionnaire
- Regular network or website scanning by an Approved Scanning Vendor (may not be required in some cases) and a Report on Compliance by a Qualified Security Assessor (only needed by the very largest companies)
- Attestation of Compliance
There are 5 versions of the Attestation of Compliance, just as there are 5 versions of the Self-Assessment Questionnaire. The two are matched: if you qualify to use version A of the Questionnaire, use version A of the Attestation, and likewise for the other versions.