The PCI Security Standards Council is a global forum with the aim of establishing security standards for account data protection. The Council is founded by five major payment brands (American Express, Discover Financial Services, JCB International, MasterCard, and Visa Inc.). The PCI Data Security Standard (DSS) defines operational and technical requirements for entities that store, process or transmit payment card information, including merchants, processors, acquires, issuers and service providers. The PCI DSS is administered and managed by the Council, however, the enforcement of compliance with the PCI DSS is carried out by the payment brands. PCI DSS comprises of 12 requirements covering 6 categories, including build and maintain a secure network and systems, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks and maintain an information security policy, for the applicable entities to assess whether they have maintained a secure environment for the protection of their affiliated payment card account data. SCCC Alibaba Cloud engaged with PCI SSC Approved Qualified Security Assessor (QSA) to assess compliance against PCI DSS v3.2.1.