Document Comparison

AOC_SAQ_A_v3-1_rev1-1.pdf → AOC-SAQ_A-v3_2.pdf
94% similar
8 → 8 Pages
1649 → 1714 Words
8 Content Changes

Content Changes

8 content changes. 7 administrative changes (dates, page numbers) hidden.

Added p. 6
Section 3: Validation and Attestation Details Part 3. PCI DSS Validation This AOC is based on results noted in SAQ A (Section 2), dated (SAQ completion date).
Removed p. 2
ISA Name(s) (if applicable): Title:
Modified p. 4
Merchant accepts only card-not-present (e-commerce or mail/telephone-order) transactions); All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers; Merchant does not electronically store, process, or transmit any cardholder data on merchant systems or premises, but relies entirely on a third party(s) to handle all these functions; Merchant has confirmed that all third party(s) handling storage, processing, and/or transmission of cardholder data are PCI DSS compliant; and Merchant retains only paper reports or receipts with cardholder …
Merchant accepts only card-not-present (e-commerce or mail/telephone-order) transactions); All processing of cardholder data is entirely outsourced to PCI DSS validated third-party service providers; Merchant does not electronically store, process, or transmit any cardholder data on merchant systems or premises, but relies entirely on a third party(s) to handle all these functions; Merchant has confirmed that all third party(s) handling storage, processing, and/or transmission of cardholder data are PCI DSS compliant; and Any cardholder data the merchant retains is on paper …
Modified p. 6
Section 3: Validation and Attestation Details Part 3. PCI DSS Validation Based on the results noted in the SAQ A dated (completion date), the signatories identified in Parts 3b-3d, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document as of (date): (check one):
Based on the results documented in the SAQ A noted above, the signatories identified in Parts 3b-3d, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document: (check one):
Removed p. 7
Signature of ISA  Date:
Modified p. 7
Part 3c. QSA Acknowledgement (if applicable) If a QSA was involved or assisted with this assessment, describe the role performed:
Part 3c. Qualified Security Assessor (QSA) Acknowledgement (if applicable) If a QSA was involved or assisted with this assessment, describe the role performed:
Modified p. 7
Part 3d. ISA Acknowledgement (if applicable) If a ISA was involved or assisted with this assessment, describe the role performed:
Part 3d. Internal Security Assessor (ISA) Involvement (if applicable) If an ISA(s) was involved or assisted with this assessment, identify the ISA personnel and describe the role performed:
Modified p. 8
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO 9 Restrict physical access to cardholder data Maintain a policy that addresses information security for all personnel * PCI DSS Requirements indicated here refer to the questions in Section 2 of the SAQ.
PCI DSS Requirement* Description of Requirement Compliant to PCI DSS Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) YES NO Do not use vendor-supplied defaults for system passwords and other security parameters 8 Identify and authenticate access to system components 9 Restrict physical access to cardholder data Maintain a policy that addresses information security for all personnel * PCI DSS Requirements indicated here refer to the questions in Section 2 of the SAQ.