PCI DSS Assessment Process

  1. Confirm the scope of the PCI DSS assessment.
  2. Perform the PCI DSS assessment of the environment, following the testing procedures for each requirement.
  3. Complete the applicable report for the assessment (i.e., Self-Assessment Questionnaire (SAQ) or Report on Compliance (ROC)), including documentation of all compensating controls, according to the applicable PCI guidance and instructions.
  4. Complete the Attestation of Compliance for Service Providers or Merchants, as applicable, in its entirety. Attestations of Compliance are available on the PCI SSC website.
  5. Submit the SAQ or ROC, and the Attestation of Compliance, along with any other requested documentation—such as ASV scan reports—to the acquirer (for merchants) or to the payment brand or other requester (for service providers).
  6. If required, perform remediation to address requirements that are not in place, and provide an updated report.