PCI Audit

Determine Scope – Verify Cardholder Data environment components​

Report type – Determine with the Acquirer if report type is ROC or SAQ​

Data gathering – Review policies and procedures, and interview personnel​

Findings report – Generate report based on findings​

Presentation – Present findings and submit final report​