The Report on Compliance (ROC) is a completed PCI DSS assessment of an organization’s cardholder environment and includes the executive summary, PCI DSS requirements and sub-requirements, and appendix. The executive summary section is a description of how the entity accepts payment cards for business transactions and includes how and why the organization stores, processes, and/ or transmits cardholder data. The PCI DSS requirements/sub-requirements are the testing procedures of the organization’s cardholder data environment. The appendix contains additional PCI DSS requirements for different types of entities
