medium
Single Answer
0Anton’s organization processes credit cards but is a small organization. As part of their annual requirements related to PCI DSS, Anton fills out a form about their PCI DSS compli- ance and submits it to their acquiring bank. What type of assessment has his organization conducted?
Answer Options
A
An internal regulatory audit
B
A self- assessment
C
An independent, third-party audit
D
An external compliance audit
Correct Answer: B
Explanation
Filling out forms attesting to your own organization’s compliance status is an example of a self-assessment. This is not an audit activity, PCI DSS is not a regulation, and no third parties were involved to make it external or independent and third party.