PCI Validation Assessment
NCI provides Canadian QSAs to perform the on-site PCI DSS Validation Assessment and complete the Report of Compliance (RoC).
Level 1 merchants must prove their PCI compliance yearly, with an on-site Validation Assessment of their Credit Card Data environment. Other merchants may have similar reporting requirements dictated by their acquirer, especially if they have had a breach in the past, or directed by their Board of Directors.
The QSA will review the client's documentation, and verify the accuracy and validity of the documentation based on an on-site examination of a sample of their environment. A review of policies, procedures, and staff training is also included.
The expectation is that the client is PCI DSS compliant at the time of the Assessment.