The only person asking for PCI compliance is QuickBooks. We do not do any other credit card transactions.

It is my understanding after making calls to a couple organizations now. 

Since we are already PCI-compliant outside Intuit, we don't need to be compliant via SecurityMetrics as long as cardholder information and authentication data are protected.

Using the form from https://listings.pcisecuritystandards.org/documents/SAQ_A_v3.pdf confirms we are compliant

Quickbooks doesn't need to retain this form unless there had a breach or Common Point of Purchase inquiry.

You can confirm this by calling the PCI Standards group (https://www.pcisecuritystandards.org/contact_us/) and picking '1' once the messaging starts. 

We will keep our self assessment on file and review annually.

Is any of this incorrect?