The PCI DSS compliance model depends on risk assessment and mitigation. The testing instructions for PCI DSS published by the PCI Security Standards Council for QSA’s tell us to look for evidence of documentation being updated as a result of lessons learned from activating the