Create a Compliance Project
Organizations must create a Compliance Project record to link to their CDE, hold a copy of the ROC Control records, and store their respective due-diligence assessment results. A Compliance Project record can store multiple SAQ assessments, but generates only one ROC.
Use the following steps to create a Compliance Project record:
- In the General Information section, enter a name and start date for the project.
- Select the PCI DSS version for which you want to conduct the assessment.
- In the PCI Cardholder Data Environment section, link an existing Cardholder Data Environment (CDE).
- On the Contact Info & Documentation tab, add the contact information and documentation to the appropriate sections.
- On the Self-Assessment (SAQ) tab, in the Questionnaire Selections section, select the appropriate SAQ type from the drop-down.
- Click Save.
- Click Add New to create a new questionnaire.
- On the Control Population tab, select controls.
- On the Issues Management tab, resolve any open findings. For more information, see Managing Findings.
- On the Attestation and Reporting tab, click Generate ROC to generate your Report on Compliance.
Note: Archer provides the option to generate both the 3.2.1 and 4.0 ROC templates. You must select the appropriate ROC template depending on the PCI DSS version for which you created the compliance project.
- (Optional) In the Attestation of Compliance (AOC) section, click Add New to attach an internal attestation of compliance document.
- In the Report on Compliance section, click Add New to attach the generated ROC.
- Click Save.