The validation requirements differ based on whether your organisation is a Level 1, 2, 3 or 4 merchant. Level 1 merchants are required to complete an Annual Report on Compliance (“ROC”) by either a Qualified Security Assessor (“QSA”) or Internal Auditor if signed by officer of the company.
All levels are required to get Quarterly network scans completed by an ASV. All levels, except level 4 are required to complete the Attestation of Compliance Form.
Please refer to ‘Am I am Level 1, Level 2, Level 3 or Level 4 merchant?’ above for a full list of validation requirements.