Does PCI provide an Attestation of Compliance report?

October 19, 2015 Debbie Zaller

A compliant PCI DSS assessment results in an Attestation of Compliance (AOC) as well as a Report on Compliance (RoC). The AOC attests to the organization’s compliance with the PCI DSS standards; it is different from an audit attestation report, which may be governed by the AICPA.

About the Author

Debbie Zaller

Debbie Zaller is a Principal at Schellman & Company, LLC. Debbie leads the SOC 2 and SOC 3 service line and is also an AICPA SOC Specialist. Debbie has over 15 years of IT attestation experience and currently spearheads Schellman’s SOC 2 practice, where she is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee.
