What is PCI Attestation of Compliance (AoC)?

An Attestation of Compliance (AoC) is a document that confirms that an organization has undergone a Payment Card Industry Data Security Standard (PCI DSS) assessment and is compliant with the standard. The PCI DSS is a set of security standards developed by major credit card companies to ensure the protection of credit card data.

To obtain an AoC, an organization must undergo a PCI DSS assessment, which involves a thorough evaluation of the organization's security controls and practices. The assessment is typically conducted by a Qualified Security Assessor (QSA) or an internal security team.

If the assessment determines that the organization meets all of the requirements of the PCI DSS, the QSA or internal team will issue an AoC. The AoC includes information about the scope of the assessment, the date of the assessment, and the assessor's findings. The AoC serves as proof of compliance with the PCI DSS and is often required by credit card companies and other stakeholders as evidence of a company's commitment to protecting credit card data.

Overall, an Attestation of Compliance is an important document that demonstrates an organization's compliance with the PCI DSS and its commitment to protecting sensitive credit card data.