The link https://www.shopify.com/enterprise/pci-compliance-checklist#2 talks about practices to ensure PCI security. I am happy to do the below:
If your organization is at PCI compliance level 2, 3, or 4, your validation requirements are basically the same and include:
But to whom do I submit all of the artifacts and documentation to?
Rich Mikelinich / email@example.com
I have the same objective of the prior poster, My external auditor suggests we need to demonstrate PCI compliance and most card processors have given me very specific PCI requirements in the past.
We have constituents who require our PCI compliance, and I used these guys for the scanning and certification ---> https://sectigo.com/ssl-certificates-tls/pci-scanning. Once certified I just download the report and certificate, and forward it along!