PCI Watch

Tracking changes across the Payment Card Industry
ℹ️
Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
View Original →
FAQ #1458 Published

What date should be used for ?Date of Report? in the ROC?

The ?Date of Report? indicates the completion date of the ROC, and therefore must be no earlier than the date on which the QSA completed collection and validation of corresponding evidence to support the QSA?s findings documented in the ROC.

Note: Per the QSA Program Guide, the dates of the ROC and AOC cannot predate completion of the PCI DSS Assessment, and the date of the AOC cannot predate the corresponding ROC. As a matter of accuracy, the date of the ROC and AOC should not be in the future. See also FAQCan an Attestation of Compliance (AOC) be provided to an assessed entity before the Report on Compliance (ROC) is finalized?

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.