Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.



Glossary Terms


Attestation of Compliance (AOC)

Attestation of Compliance (AOC) is the documentation that validates the compliance status of an organization.

Cardholder Data (CHD)

Cardholder data is any information on a customer's payment card.

Cardholder Data Environment (CDE)

Cardholder Data Environment (CDE) includes all the people and technologies that can impact the security of cardholder data.


Merchant

A merchant is any entity that accepts payment cards, according to the PCI Security Standards Council.

Payment Card Industry Data Security Standard (PCI DSS)

The PCI DSS is a set of requirements for all organizations that store, process, transmit, or impact the security of branded customer cardholder data.

Qualified Security Assessor (QSA)

A Qualified Security Assessor is an organization or individual that performs compliance auditing.

Report on Compliance (ROC)

Learn about a Report on Compliance (ROC) and how it is obtained.

Self-Assessment Questionnaire (SAQ)

A Self-Assessment Questionnaire is a way for merchants and service providers to validate PCI compliance.

Service Provider

A service provider is involved in the processing, storage, and transmission of a credit card holder's data.
