PCI DSS
Level | Number of operations | Annually | Quarterly |
---|---|---|---|
Level 1 | More than 6 million | Submit a Report on Compliance ("ROC") prepared by a Qualified Security Assessor ("QSA") or an internal auditor if such report is signed by the head of the company. We recommend PCI SSC Internal Security Assessor ("ISA") status to your internal auditor. Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |
Level 2 | 1-6 million transactions | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |
Level 3 | 20 thousand - 1 million | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |
Level 4 | less than 20 thousand | Conduct a conformity assessment by completing an Assessment Questionnaire ("SAQ"). Submit the Attestation of Compliance ("AOC") Form | Conduct quarterly network scans by an Approved Scan Vendor ("ASV") organization |