Instructions and content for the Report on Compliance (ROC) are provided in the PCI DSS Report on Compliance (ROC) Template. The PCI DSS Report on Compliance (ROC) Template must be used as the template for creating a PCI DSS Report on Compliance. Whether any entity is required to comply with or validate their compliance to PCI DSS is at the discretion of those organizations that manage compliance programs (such as payment brands and acquirers). Entities should contact the organizations of interest to determine any reporting requirements and instructions.
