AOC, ROC, SAQ: What Does It All Mean?

If you’re new to PCI compliance, or even if you’re a seasoned expert, there are many different acronyms to remember when researching the best auditor to handle your report. AOC, ROC, SAQ – let’s explore the alphabet soup of PCI reporting.

Defining PCI Reporting

The PCI DSS was created as a collaboration between the major credit card companies, and is used in conjunction with other data security standards. It was developed 

  • SAQ – A Self-Assessment Questionnaire is a series of yes-or-no questions designed to assess an entity’s compliance with the PCI DSS. These are usually completed by small service providers or merchants as a self-validation tool. It is important to work through these questions with an audit professional to ensure that all necessary standards are met. 
  • ROC – A Report On Compliance is a type of form that is used to verify a merchant’s compliance with PCI DSS. These forms are required for Level 1 Merchants. Level 2 Merchants may also be required to complete an ROC, based on circumstance.
  • AOC – An Attestation Of Compliance is one part of the SAQ or ROC. This form allows merchants or service providers to attest to the final results of a PCI examination.

Your Trusted PCI Partner

When you’re ready to engage a PCI auditing company, look no further than Auditwerx. We have offered PCI compliance reporting to businesses of all sizes for over 10 years. 

Our experienced auditors are here to help you simplify PCI reporting, from remediating gaps during your readiness assessment to providing the guidance needed for a successful compliance engagement.
