Because Its development, PCI DSS has gone through several iterations so as to keep up with variations to the online danger landscape. Whilst the basic rules for compliance have remained constant, new requirements are periodically added. Formally attest your compliance. An AOC (attestation of compliance) is the form you employ https://www.nathanlabsadvisory.com/blog/nathan/key-components-of-a-successful-incident-response-strategy/