
{"id":1860,"date":"2012-04-06T00:00:00","date_gmt":"2012-04-06T00:00:00","guid":{"rendered":"http:\/\/otava.test\/pci-report-on-compliance\/"},"modified":"2012-04-06T00:00:00","modified_gmt":"2012-04-06T00:00:00","slug":"pci-report-on-compliance","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/","title":{"rendered":"PCI Report on Compliance"},"content":{"rendered":"<p>If your company collects, transmits, stores or processes credit cardholder data, you will need to create a PCI DSS Report on Compliance at least annually for on-site assessments or self-reporting questionnaires. To sustain ongoing compliance after the initial point-in-time assessment, your company needs to design and implement a set of controls specific to PCI and security.<\/p>\n<p>The PCI Security Standards Council provides a template for an attestation of compliance:<\/p>\n<p><strong>Executive Summary<\/strong><\/p>\n<ul>\n<li>Entity\u2019s payment card business description<\/li>\n<li>High level network diagram<\/li>\n<\/ul>\n<p><strong>Description of Scope of Work and Approach Taken<\/strong><\/p>\n<ul>\n<li>How the assessment was made<\/li>\n<li>Environment<\/li>\n<li>Network segmentation used<\/li>\n<li>Details for each sample set tested<\/li>\n<li>Any international entities requiring compliance with PCI DSS<\/li>\n<li>Wireless networks or applications<\/li>\n<li>Version of PCI DSS used to conduct assessment (2.0 is the latest)<\/li>\n<\/ul>\n<p><strong>Details About Reviewed Environment<\/strong><\/p>\n<ul>\n<li>Network diagrams<\/li>\n<li>Cardholder data environment<\/li>\n<li>List of hardware and software in the cardholder data environment (CDE)<\/li>\n<li>Service providers<\/li>\n<li>Third-party applications<\/li>\n<li>Individuals interviewed<\/li>\n<li>Documentation reviewed<\/li>\n<li>Reviews of managed service providers<\/li>\n<\/ul>\n<p><strong>Contact Information and Reporting Date<\/strong><\/p>\n<p><strong>Quarterly Scan 
Results<\/strong><\/p>\n<ul>\n<li>Including the four most recent ASV (approved scanning vendor) scan results<\/li>\n<\/ul>\n<p><strong>Findings and Observations<\/strong><\/p>\n<ul>\n<li>Requirements and sub-requirements<\/li>\n<li>Explain N\/A responses<\/li>\n<li>Validation of all compensating controls<\/li>\n<\/ul>\n<p>When it comes to documenting details about your reviewed environment, any of your managed service providers\/<a href=\"https:\/\/otavawebsite.wpengine.com\/compliance-security\/pci-compliant-cloud\/\">PCI hosting<\/a> providers should be able to produce their own attestation of compliance report to inform your company about their controls and security. This can save you the time it takes to review and report on their compliance as it affects your company and cardholder data.<\/p>\n<p>References:<br \/>\n<a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/PCI%20SSC%20Quick%20Reference%20Guide.pdf\">PCI DSS Quick Reference Guide (Version 2.0)<\/a> (PDF)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If your company collects, transmits, stores or processes credit cardholder data, you will need to create a PCI DSS Report on Compliance at least annually for on-site assessments or self-reporting questionnaires. To sustain ongoing compliance after the initial point-in-time assessment, your company needs to design and implement a set of controls specific to PCI and security. 
The PCI Security Standards Council provides a template for an attestation of compliance: Executive Summary Entity\u2019s payment card business description High level network diagram Description of Scope of Work and Approach Taken How the assessment was made Environment Network segmentation used Details for each sample set tested Any international entities requiring compliance with PCI DSS Wireless networks or applications Version of PCI DSS used to conduct assessment (2.0 is the latest) Details About Reviewed Environment Network diagrams Cardholder data environment List of hardware and software in the cardholder data environment (CDE) Service providers Third-party applications Individuals interviewed Documentation reviewed Reviews of managed service providers Contact Information and Reporting Date Quarterly Scan Results Including the four most recent ASV (approved scanning vendor) scan results Findings and Observations Requirements and sub-requirements Explain N\/A responses Validation of all compensating controls When it comes to documenting details about&#8230;<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"other_category":[],"class_list":["post-1860","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acf":[],
"yoast_head_json":{"title":"PCI Report on Compliance | OTAVA","description":"If your company deals with credit cardholder data, you will need to create a PCI DSS Report on Compliance at least annually.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/","og_locale":"en_US","og_type":"article","og_title":"PCI Report on Compliance","og_description":"If your company deals with credit cardholder data, you will need to create a PCI DSS Report on Compliance at least annually.","og_url":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/","og_site_name":"OTAVA","article_published_time":"2012-04-06T00:00:00+00:00","author":"Irma Brillantes","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Irma Brillantes","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/#article","isPartOf":{"@id":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/"},"author":{"name":"Irma Brillantes","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263"},"headline":"PCI Report on Compliance","datePublished":"2012-04-06T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/"},"wordCount":268,"commentCount":0,"publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/","url":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/","name":"PCI Report on Compliance | 
OTAVA","isPartOf":{"@id":"https:\/\/www.otava.com\/#website"},"datePublished":"2012-04-06T00:00:00+00:00","description":"If your company deals with credit cardholder data, you will need to create a PCI DSS Report on Compliance at least annually.","breadcrumb":{"@id":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.otava.com\/blog\/pci-report-on-compliance\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.otava.com\/"},{"@type":"ListItem","position":2,"name":"PCI Report on Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.otava.com\/#website","url":"https:\/\/www.otava.com\/","name":"OTAVA\u00ae","description":"","publisher":{"@id":"https:\/\/www.otava.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.otava.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.otava.com\/#organization","name":"OTAVA\u00ae","url":"https:\/\/www.otava.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","contentUrl":"https:\/\/www.otava.com\/wp-content\/uploads\/2025\/03\/otava-logo.svg","caption":"OTAVA\u00ae"},"image":{"@id":"https:\/\/www.otava.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.otava.com\/#\/schema\/person\/35774075f8f4fcdd4eae80cb72034263","name":"Irma 
Brillantes","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d5251bebc1699793a698d1a6158603cb3cdc50a095a12357e42d415b3e5546c2?s=96&d=mm&r=g","caption":"Irma Brillantes"},"url":"https:\/\/www.otava.com\/blog\/author\/ibrillantesotava-com\/"}]}},"_links":{"self":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/comments?post=1860"}],"version-history":[{"count":0,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/posts\/1860\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/media?parent=1860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/categories?post=1860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/tags?post=1860"},{"taxonomy":"other_category","embeddable":true,"href":"https:\/\/www.otava.com\/wp-json\/wp\/v2\/other_category?post=1860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}