PCI DSS v4.x Compliance Software

The 27k1 ROC Management System (RMS) is dedicated to certified QSA companies.

ISO 27001:2022 ISMS Software

The 27k1 ISMS is the perfect ISO 27001 solution for all businesses.

27k1 ROC Management System (RMS)

PCI DSS v4.x Compliance Software - Dedicated to QSA Companies

The perfect solution for certified QSAs, streamlining the ROC assessment process, cutting costs, improving accuracy and generating efficiencies.

Load your own, corporate branded ROC and AOC templates into the software to produce corporate branded assessments

Create your "Response Library" to automate responses for every ROC assessment

Use MFA or Managed Identity to control and secure QSA access to the 27k1 RMS

Manage QSA and QA access to each ROC assessment using their account name

Segment Documentation, Interview, Observation and System evidence requirements to improve workflow

Improve QSA efficiency and reduce stress - saves around six days per ROC Assessment

27k1 RMS System Training – Free of Charge

Request a free demoRequest a no obligation system demonstration and see for yourself
27k1 RMS - Customer Case Study, April 2025
Razorthorn security
Download the full QSAC case study for a Level 1 Merchant (PDF)
Time and Cost Benefits

“Previously, the ROC assessment would have taken between 30 and 40 days, comprised of QSA and QA engagement. Using the 27k1 RMS, to write the ROC assessment, we have reduced this time to 25 - 30 days, saving 10 - 15 days and reducing costs by at least £5,000. The time saved has allowed Razorthorn to collaborate more closely with our client, strengthening the relationship and allowing us to demonstrate the key data requirements so that the client will better manage their PCI compliance on a BAU basis.”

David Adams, added: “As a PCI DSS QSAC, Razorthorn Security have found the 27K1 tool to be an invaluable aid to creating the PCI DSS compliant Report on Compliance (ROC) and Attestation of Compliance (AOC) for our clients in a timely manner.”

27k1 QSAC Client Testimonials

Image

"The 27k1 ROC Management System has proven invaluable with the updates to PCI DSS and the revised ROC reporting template, which requires numerous radio buttons to be selected and completed. The application is highly user-friendly, and the customer support is exceptional, with the team responding to inquiries and requests almost immediately. The time savings we've achieved by using the 27k1 ROC Management System has allowed us to dedicate more effort to guiding our customers on how best to meet PCI DSS requirements.  Overall, the application is a great tool, completely recommend it to maximize efficiencies and increase productivity."

3FACTOR Cybersecurity Consulting

Image

“The 27k1 PCI DSS auditing tool offers a comprehensive and user-friendly solution for managing our PCI DSS compliance. Its intuitive interface has made the auditing process seamless and efficient”

PCI DSS - Evolution Global Security Company

Image

"I want to thank everyone at 27k1 for their support in recent weeks as we completed our first ROC using the 27k1 RMS tool! Your openness to our suggestions for streamlining our work has been invaluable. This collaboration improves the product for everyone, and I'm so excited to be a part of this user community."

North America - RGP global consulting and project execution for business transformation

27k1 ISMS Software for ISO 27001:2022

ISO 27001:2022 contains 93 Annex A security controls and changes to several ISMS clauses which are supported by the 27k1 ISMS.

The Annex A controls span 4 main themes:

1. Organisational controls (37 controls)
2. People controls (8 controls)
3. Physical controls (14 controls)
4. Technological controls (34 controls)

The 93 controls include 12 new controls that have been added in response to major shifts in both technology and threats since 2013. The emphasis of the control changes is on cyber-attack prevention, detection and response, as well as better protecting sensitive data.

Those using spreadsheets to manage their ISMS data face a huge challenge in mapping the 2013 controls across to the 2022 controls.

The 27k1 ISMS software allows easy transition from the 2013 Annex A Control set to the 2022 Annex A Control set for those companies that have achieved ISO 27001 certification.

The software provides gap analysis, risk management, full control of management review meetings, internal audits and nonconformities with dashboard style reporting.

27k1 ISMS Customer Testimonials

Sedcom Networks Ltd
Image
Image

A selection of clients using the 27k1 ISMS software

Image
Image
Genus PLC

The 27k1 ISMS is the perfect ISO 27001 solution for all businesses

The 27k1 ISMS application:

  • Is designed to be practical and intuitive to use. The software creates the ISMS, prepares the business for ISO 27001 certification and manages continuous improvements.
  • Provides total management of all Information Security asset data.
  • Lets system users run comprehensive and flexible risk management scenarios.
  • Tracks corrective actions and nonconformances from start to finish and attaches evidence to prove compliance.
  • Provides remote access to ISMS Consultants and Auditors.
  • Attractively priced for both ISO 27001 Consultants and all Companies.
  • Let's discuss your ISO 27001 project...
ISO 27001 ISMS Gap Analysis

GAP Analyses

Carry out a GAP Analysis using preconfigured ISO 27001 controls and clauses which suggest the recommended documentation.

Update GAP actions or tasks using the detailed project reports to track their progress.

27k1 ISMS Framework

ISMS Framework

This module sets the information Security policies, risk parameters and weights the impact and outcome of a risk assessment. The process is logical, intuitive and can be configured at every stage.
ISO 27001 asset management

Asset Management

All Information Security assets are managed in the Asset Manager, including personnel, hardware, software, outsourced services, etc.

Companies using spreadsheets or do not have an Asset or HR Register can choose to adopt the system’s asset management functionality, since it manages all asset details including the asset's lifecycle.

ISMS Documentation management system DMS

Documentation

The 27k1 ISMS accesses the businesses documents through URL’s or hyperlinks. This means that users can continue to use, create, access and track documents in the company’s Document Management System (DMS), rather than using third party networks to store these valuable assets.
ISO27001 controlsand soa

ISO Controls & SoA

All Annex A Controls are listed, each being subject to user selection in readiness for automatically producing a Statement of Applicability. Assign documents to each Control and manage the actions that have been assigned, demonstrating compliance and on-going improvements.

SoA’s are offered in draft format then formally issued when all the Controls and supporting documents are in place.

Cyber Security Risk Management

Risk Management

System users can run comprehensive and flexible risk management scenarios, based on asset valuation and existing controls. This leads to inherent and residual risk assessment and treatment.
Nonconformities and corretive actions

Nonconformities

The Conformance manager allows security breaches to be identified, allowing nonconformances and corrective actions to be raised, tracked and resolved. Conformance Reports highlight severity, root cause and preventive measures to be applied and actions taken.
management review meetings

Review Meetings

Using Microsoft 365 functionality, the system allows meetings to be diarised, invitations sent, agendas set and meeting notes recorded. Review meetings allow nonconformances and actions to be raised, tracked and resolved, enabling the continuous improvement of the ISMS.
27001 dashboard report

Internal Audits

The Internal Audit Manager module pulls in data that has been submitted to the 27k1 ISMS. It enables comprehensive internal audits on Clauses, Controls, Processes, Locations, Departments and Suppliers.

The system allows questions to be raised, audits to be planned in detail with auditees to be assigned and scheduled. The audits facilitate the raising of nonconformances, implementation of corrective actions and on-going improvements to the company’s information security position.

27001 dashboard report

Reports

The 27k1 ISMS provides a comprehensive range of reports in dashboard format accessible by all permitted company personnel The reports are rich in detail and accurately show the information security status of the business, demonstrating how each information security asset is performing against specific security measures and objectives.
Learn more

The 27k1 ISMS Platform

ISO 27001 ISMS architecture

Retain Control of the ISMS

Your company retains control over and access to its’ ISMS data at all times.

All ISO 27001 ISMS and PCI DSS data is stored on Azure SQL Database,  Amazon Microsoft SQL Server Database or a Microsoft SQL Server database located within your company network.

All documents, images, supporting evidence and certificates are stored, accessed and amended on your own document management system or Intranet using hyperlinks.