FAQ #1356 Diff

In the context of PCI SSC-related validation and compliance reports, the intent of requiring a signature from a ?duly authorized officer?"duly authorized officer" is to ensure the Company is aware of and has formally signed off on the work being done together with all associated Company liability for that work. A "duly authorized officer" must have authority to legally bind the company for purposes of the report. Although the signatory?ssignatory's job title need not include the term ?officer,?"officer," the signatory must be formally authorized by the Company to sign such documents on the Company?s behalf,Company's behalf and should be competent and knowledgeable regarding the applicable PCI SSC program and related requirements and duties.   Each organization is different,different and is ultimately responsible for defining its own policies and job functions based on the Company?sCompany's needs and culture.

Examplesculture.Examples of signatories that are not ?duly authorized officers?"duly authorized officers" include non-employees, attestants or notaries, and any other individual (whether employed by the Company or not) who either is not employedauthorized to make binding commitments on the Company's behalf and/or are merely attesting to the genuineness of the document or signature by the Company) who either isadding their own signature. Signature authority for materials submitted to PCI SSC may not authorized to make binding commitmentsbe outsourced to any third party.This FAQ applies to all PCI SSC programs. Refer to each applicable PCI SSC program guide, available on the Company?s behalf and/or are merely attesting to the genuineness of the document or signature by adding their own signature. Signature authority for materials submitted to PCI SSC may not be outsourced towebsite, for any third party. Theadditional context for a duly authorized officer is ultimately accountable for the completeness, accuracy and integrity of the contents of the report.officer.