PCI Audit and Compliance Reporting

The fundamentals for merchants to be compliant.

What is PCI Audit and Compliance Reporting?

PCI Audit and Compliance Reporting aids businesses with the completion of required reports: Self-Assessment Questionnaires (SAQs) or full Qualified Security Assessor (QSA) Reports on Compliance (ROCs).

On completion of the report, PGI’s consultant will also produce an Attestation of Compliance (AOC) to be signed by both the QSA conducting audit work and an Executive Officer of your organisation.

It is important to note that a ROC may be a mandatory requirement for some businesses. The PCI Security Standards Council requires Level 1 merchants (those processing more than 6 million transactions) to present a ROC for certification. A ROC can only be completed by an approved assessor, such as PGI, and cannot be done through a self-assessment by the company.

Benefits of PCI Audit and Compliance Reporting


PCI Audit and Compliance Reporting must be completed on standard issued forms from the PCI Security Standards Council. This ensures businesses have complete peace of mind that the methodology used to determine compliance—and the aspects of the cardholder data environment (CDE) that are examined—are consistently in line with the requirements set out by the standard.

Our consultants provide you with a detailed overview of your own CDE, highlighting the requirements that are compliant, not applicable, or not tested. Ideally the reports provide evidence to all stakeholders that your organisation is compliant with the standard.

Small and medium merchants that do not reach ROC transaction levels may be eligible to complete reduced SAQ versions. This can significantly reduce your compliance overheads.

The PCI Audit and Compliance Reporting service:

Fulfils the critical objective of showing that your organisation is compliant

Provides peace of mind


Completes mandatory reports in a correct, error-free format by knowledgeable PCI DSS professionals


Makes use of appropriate SAQs to reduce ongoing compliance requirements


May include, where applicable, analysis of and completion of Compensating Control Worksheets


Provides authorised, independent verification of compliance

Is PCI Audit and Compliance Reporting Right for You?

For Level 1 Visa merchants, PCI Audit and Compliance Reporting is a necessary requirement for PCI DSS certification. However, it can also be beneficial for any organisation handling payment data.

Consider PCI Audit and Compliance Reporting if:

You have suffered a data breach in the past

You handle large volumes of non-Visa transactions

You are keen to demonstrate a strong commitment to payment data security

You are preparing for an audit


Why choose PGI?

At PGI, we’re proud to be among a select group of assessors recognised and acknowledged by the PCI Security Standards Council (SSC) for expertise, experience, and professionalism in the field of payment data security.

As approved Qualified Security Assessors (QSA), we assess compliance to the latest standard (currently PCI DSS 3.2.1), helping you to minimise the reputational and financial risks associated with non-compliance, and ensure you’re demonstrating an ongoing commitment to security.

Want to purchase or need more information? Why not speak to one of our experts?

Choose a day and time and one of our team will be in touch.
Alternatively, call us on +44 (0)207 887 2699 or email us at clientservices@pgitl.com

©2019 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Address: Unit 13/14, Swallow Court, Sampford Peverell, Tiverton, England, EX16 7EJ