A vendor is unsure which forms are needed to complete an assessment. Who should they ask?

A vendor is unsure which forms are needed to complete an assessment. Who should they ask?
A . Assessor
B . Issuing banks
C . Payment brands
D . PCI SSC

View Answer

Answer: A

Explanation:

The assessor is the person who conducts the PCI Card Production Security Assessment and prepares the Card Production Report on Compliance (ROC) and the Card Production Attestation of Compliance (AOC). The assessor should be familiar with the forms that are needed to complete an assessment and provide guidance to the vendor on how to fill them out. The assessor should also ensure that the forms are consistent with the PCI Card Production Standards and the PCI CPSA Qualification Requirements. The other options are not the best sources of information for the vendor, as they may not be directly involved in the assessment process or have the expertise to advise on the forms.

References

PCI Card Production Security Assessor (CPSA) Program Guide, Version 1.0, April 2019, page 81 PCI Card Production Security Assessor (CPSA) Qualification Requirements, Version 1.0, April 2019, page 10

PCI Card Production and Provisioning Template for Report on Compliance, Version 1.0, April 2019, page 3

PCI Card Production and Provisioning Attestation of Compliance, Version 1.0, April 2019, page 22