ISO 27001:2022 and PCI DSS v4.0 compliance software

Define your scope and ISMS framework
Import assets using automated routines
Use the latest ISO 27001:2022 and PCI DSS v4.0 standards
Automatically completes the ROC
Automatically completes SAQs, Appendices and AOCs
Document management linking with your DMS
Full risk management and risk assessment processes
Internal audits, nonconformities, review meetings and action plans
Feature rich reports and charts generated across the ISMS

ISO 27001 compliance doesn’t have to be complicated or only achieved by the larger enterprise. The 27k1 ISMS is the perfect ISO 27001 solution for all businesses.

The 27k1 ROC Management System has been developed for PCI SSC certified QSA companies.

The 27k1 SAQ Management System combines the 27k1 ISMS platform with PCI DSS v4.0 controls to deliver a complete solution for Merchants and Service Providers.

Request a free demoRequest a no obligation system demonstration and see for yourself

27k1 to Exhibit at the PCI SSC Community Meeting

Portland, Oregon, USA - September 12/14, 2023

In addition to reserving an exhibition booth, 27k1 has secured a slot within the Tech Exchange. On September 13, Jeremy Martin will demonstrate how the software supports PCI DSS v4.0 compliance.

2023 North America Community Meeting

Portland Oregon PCI SSC Meeting

The 27k1 ROC Management System (RMS) has been developed for PCI SSC certified QSA companies, required to complete the Report On Compliance for Level 1 clients. To date, the task of completing the ROC manually, particularly Sections 1 to 6 and Part II is time consuming and prone to error. The 27k1 RMS resolves and simplifies these problems.

The 27k1 SAQ Management System (SAQMS) supports all merchants required to complete SAQ’s. These are automatically completed by the software and may be combined into a SAQ D Merchant or Service Provider, as necessary.

The 27k1 SAQMS delivers an advanced ISMS, will enable risk assessments using the NIST Cyber Security and Privacy Frameworks and includes a full list of PCI DSS v4.0 documents to support the compliance process.

Contact 27k1 to request a detailed system review.

27k1 ROC Management System - RMS.

The perfect solution for certified QSAs, streamlining the ROC assessment process, cutting costs, improving accuracy and generating efficiencies.

The compliance work undertaken within the RMS auto-populates the ROC, outputting the completed assessment in pdf format.

 Offers an intuitive and user-friendly interface

ROC Part 1 – One-time set up eliminates repeated data entry

Easy selection of SAQ eligibility criteria and other criteria – auto-populating the ROC Assessment findings in accordance with the standard

Manage the responses to test procedure reporting instructions, fluently linking to the evidence in Section 6

QSA work within the system populates the PCI SSC ROC template for export to pdf format

Manage compensating controls and customized approach worksheets

27k1 SAQMS Software for Level 1, 2 and 3 Merchants

Managing the security of financial transactions using credit cards and on-line payment systems is complex and problematic. At the same time, compliance with PCI DSS requirements is essential, since system breaches and data corruption within a merchant organisation carries the threat of sanctions or expulsion from the credit card provider.

To manage this situation, 27k1 has integrated the PCI DSS v4.0 standard with the ISO/IEC 27001:2022 ISMS to create two class leading solutions:

From selection of the SAQ, the correct PCI DSS v4.0 requirements are presented along with actions that need to be undertaken. Full progress reporting assists this activity, along with feature rich, automated reports.

Compliance work within the 27k1 software automatically populates SAQs, Appendices, Worksheets and the AOC.

The software retains this work, so that subsequent SAQ completion in following years is fully supported.

The system has been architected to enable remote access by Consultants/QSAs so that they can support their clients.


The 27k1 SAQMS enables:

Document management using hyperlinks to reference all supporting documentation and evidence.

Asset management where information security assets may be imported in advance of the risk assessment process.

Risk management using the ISO 27001 Annex A Controls.

Management review meetings to coordinate non-conformities, actions and continual improvements using Microsoft Teams.

Feature rich, granular reports and charts detail all elements of your compliance status.

The 27k1 SAQMS is the best way to safeguard your Cardholder Data Environment (CDE), protect your payment card operations, avoid penalties and comply with PCI DSS v4.0.

27k1 ISMS Software

ISO 27001:2022 contains 93 Annex A security controls and changes to several ISMS clauses which are supported by the 27k1 ISMS.

The Annex A controls span 4 main themes:

1. Organisational controls (37 controls)
2. People controls (8 controls)
3. Physical controls (14 controls)
4. Technological controls (34 controls)

The 93 controls include 12 new controls that have been added in response to major shifts in both technology and threats since 2013. The emphasis of the control changes is on cyber-attack prevention, detection and response, as well as better protecting sensitive data.

Those using spreadsheets to manage their ISMS data face a huge challenge in mapping the 2013 controls across to the 2022 controls.

The 27k1 ISMS software allows easy transition from the 2013 Annex A Control set to the 2022 Annex A Control set for those companies that have achieved ISO 27001 certification.

The software provides gap analysis, risk management, full control of management review meetings, internal audits and nonconformities with dashboard style reporting.

A selection of clients using the 27k1 ISMS software

met police
Sedcom Networks Ltd
Genus PLC

27k1 ISMS for Information Security Specialists

Implementers & Auditors

This software is a key system for your company's implementers and internal auditors. It allows you to move away from unwieldy and complex spreadsheets to a clear and easy to use system.

Used on an ongoing basis, the 27k1 ISMS can be readily referenced in the board room and prepares you for future audits at any time.

ISO27001 Consultants

Please contact us to discover the opportunities available to limited companies by partnering with us.


MIS Marine
Assure technical

The 27k1 ISMS is the perfect ISO 27001 solution for all businesses

The 27k1 ISMS application:

  • Is designed to be practical and intuitive to use. The software creates the ISMS, prepares the business for ISO 27001 certification and manages continuous improvements.
  • Provides total management of all Information Security asset data.
  • Lets system users run comprehensive and flexible risk management scenarios.
  • Tracks corrective actions and nonconformances from start to finish and attaches evidence to prove compliance.
  • Provides remote access to ISMS Consultants and Auditors.
  • Attractively priced for both ISO 27001 Consultants and all Companies.
  • Let's discuss your ISO 27001 project...
ISO 27001 ISMS Gap Analysis

GAP Analyses

Carry out a GAP Analysis using preconfigured ISO 27001 controls and clauses which suggest the recommended documentation.

Update GAP actions or tasks using the detailed project reports to track their progress.

27k1 ISMS Framework

ISMS Framework

This module sets the information Security policies, risk parameters and weights the impact and outcome of a risk assessment. The process is logical, intuitive and can be configured at every stage.
ISO 27001 asset management

Asset Management

All Information Security assets are managed in the Asset Manager, including personnel, hardware, software, outsourced services, etc.

Companies using spreadsheets or do not have an Asset or HR Register can choose to adopt the system’s asset management functionality, since it manages all asset details including the asset's lifecycle.

ISMS Documentation management system DMS


The 27k1 ISMS accesses the businesses documents through URL’s or hyperlinks. This means that users can continue to use, create, access and track documents in the company’s Document Management System (DMS), rather than using third party networks to store these valuable assets.
ISO27001 controlsand soa

ISO Controls & SoA

All Annex A Controls are listed, each being subject to user selection in readiness for automatically producing a Statement of Applicability. Assign documents to each Control and manage the actions that have been assigned, demonstrating compliance and on-going improvements.

SoA’s are offered in draft format then formally issued when all the Controls and supporting documents are in place.

Cyber Security Risk Management

Risk Management

System users can run comprehensive and flexible risk management scenarios, based on asset valuation and existing controls. This leads to inherent and residual risk assessment and treatment.
Nonconformities and corretive actions


The Conformance manager allows security breaches to be identified, allowing nonconformances and corrective actions to be raised, tracked and resolved. Conformance Reports highlight severity, root cause and preventive measures to be applied and actions taken.
management review meetings

Review Meetings

Using Microsoft 365 functionality, the system allows meetings to be diarised, invitations sent, agendas set and meeting notes recorded. Review meetings allow nonconformances and actions to be raised, tracked and resolved, enabling the continuous improvement of the ISMS.
27001 dashboard report

Internal Audits

The Internal Audit Manager module pulls in data that has been submitted to the 27k1 ISMS. It enables comprehensive internal audits on Clauses, Controls, Processes, Locations, Departments and Suppliers.

The system allows questions to be raised, audits to be planned in detail with auditees to be assigned and scheduled. The audits facilitate the raising of nonconformances, implementation of corrective actions and on-going improvements to the company’s information security position.

27001 dashboard report


The 27k1 ISMS provides a comprehensive range of reports in dashboard format accessible by all permitted company personnel The reports are rich in detail and accurately show the information security status of the business, demonstrating how each information security asset is performing against specific security measures and objectives.

The 27k1 ISMS / PCI DSS Integrated Platform

ISO 27001 ISMS architecture

Retain Control of the ISMS

Your company retains control over and access to its’ ISMS data at all times.

All ISO 27001 ISMS and PCI DSS data is stored on Azure SQL Database,  Amazon Microsoft SQL Server Database or a Microsoft SQL Server database located within your company network.

All documents, images, supporting evidence and certificates are stored, accessed and amended on your own document management system or Intranet using hyperlinks.