The PCI DSS assessment process includes the following high-level steps: 5
- Confirm the scope of the PCI DSS assessment process.
- Perform the PCI DSS assessment of the environment.
- Complete the applicable report for the assessment according to PCI DSS guidance and instructions.
- Complete the Attestation of Compliance for Service Providers or Merchants, as applicable, in its entirety. Official Attestations of Compliance are only available on the PCI SSC website.
- Submit the applicable PCI SSC documentation and the Attestation of Compliance, along with any other requested documentation—such as ASV scan reports—to the requesting organization (those that manage compliance programs such as payment brands and acquirers (for merchants), or other requesters (for service providers)).
- If required, perform remediation to address requirements that are not in place and provide an updated report.