The RSI Security blog site breaks down the ways in a few detail, but the procedure in essence goes similar to this: Formally attest your compliance. An AOC (attestation of compliance) is the form you employ to sign which you’ve reached PCI DSS compliance. Finishing your questionnaire without having “wrong” https://www.nathanlabsadvisory.com/blog/tag/information-security-policy/