When you have completed the Self-Assessment Questionnaire, the next step is to complete the PCI Attestation of Compliance (AOC). The AOC is a form for merchants and service providers to attest to the results of a PCI DSS assessment, as documented in the Self-Assessment Questionnaire or Report on Compliance.
Remember to complete all relevant sections of this form carefully. Don't tick the 'compliant' box unless you are certain that you can satisfy all the requirements detailed in the SAQ. If you tick the 'Not-Compliant' box (Section 3), you must enter the data by which you intend to comply. Your acquirer may require that you complete a detailed remediation plan for each non-compliant requirement, as detailed in Section 4.
When you have fully completed the form, download in MS Word format via the orange Download SAQ AOC button at the top of the screen. The fully completed form, together with the completed Self-Assessment Questionnaire, should be submitted to your acquirer or payment card brand.
To access the online AOC, click on the AOC tab in the Assessment Management view.
