The RSI Security weblog breaks down the steps in a few depth, but the procedure in essence goes similar to this: This enables all corporations—from big companies to startups and compact and medium enterprises, which may not hold the requisite security infrastructure and personnel—to remain shielded and PCI DSS compliant. https://www.nathanlabsadvisory.com/blog/category/nathan/page/3/