Joan’s organization has recently remediated issues in their credit card processing environment. If Joan wants to be able to attest to the security of the environment, what action might she need to take to prove the security of the environment to customers?

Third-party audit documentation is a common practice for organizations that want to attest to their customers that they have a secure environment. Rescanning systems and providing vulnerability scans is not a common practice, nor is allowing customers to conduct their own scans of production systems.