AoC refers to Attestation of Compliance. It is a document provided by a Qualified Security Assessor (QSA) or by an internal security assessor (ISA) after an organization has completed a PCI DSS (Payment Card Industry Data Security Standard) self-assessment or a full PCI DSS assessment. The AoC verifies that the organization has undergone the necessary assessments and meets the compliance requirements set by PCI DSS.