That’s why the 27k1 ROC Management System has been developed for certified QSA companies. Built from the ground up, it focuses on generating efficiencies and saving time.
The 27k1 RMS streamlines the ROC assessment process: cutting costs, increasing accuracy, improving quality and reducing stress. The payback is immediate.
This is how it works...
A final check that all assessment findings and all assessor responses are complete.
The 27k1 RMS gives QSAs a digitized version of the PCI DSS v4.0.1 “Word” template.
Setting the Entity’s Eligibility Criteria initiates the auto-population of intelligent and accurate responses across thousands of fields within the ROC.
Collect the Evidence to support Sections 6.2 to 6.6 from your Evidence repository, then use the SharePoint API to auto-populate these key sections of the ROC assessment.
A click of the mouse converts the digital data to complete the entire ROC template, branded to reflect your QSAC’s corporate identity.






The Narrative Library consists of hundreds of predefined responses, each one associated with individual PCI Requirements across every section of the ROC.
The narrative responses may be exported and tailored to individual QSA requirements or customized and applied to particular Entities using AI.
Once AI has been deployed to adapt the responses, they may be imported to the 27k1 RMS and deployed on a particular ROC assessment from the Narrative Response menu.


The RMS provides a separate QA module, allowing QA to securely access any ROC assessment at any time.
For every Requirement assessed by the QSA and passed to QA for review, a completion status is applied:
Green = Ready for QA
Blue = QA Approved
Brown = In Remediation
QA now benefits from an agile approach to individual ROC Part I and Part II reviews.
The days of waiting for the QSA to complete the ROC before QA review have now been replaced by real time, open access, correspondence and status updates between these key functions.



Built-in security


“Previously, the ROC assessment would have taken between 30 and 40 days, comprised of QSA and QA engagement. Using the 27k1 RMS, to write the ROC assessment, we have reduced this time to 25 - 30 days, saving 10 - 15 days and reducing costs by at least £5,000. The time saved has allowed Razorthorn to collaborate more closely with our client, strengthening the relationship and allowing us to demonstrate the key data requirements so that the client will better manage their PCI compliance on a BAU basis.”
David Adams added: “As a PCI DSS QSAC, Razorthorn Security have found the 27K1 tool to be an invaluable aid to creating the PCI DSS compliant Report on Compliance (ROC) and Attestation of Compliance (AOC) for our clients in a timely manner.”
27k1 QSAC Client Testimonials

"The 27k1 ROC Management System has proven invaluable with the updates to PCI DSS and the revised ROC reporting template, which requires numerous radio buttons to be selected and completed. The application is highly user-friendly, and the customer support is exceptional, with the team responding to inquiries and requests almost immediately. The time savings we've achieved by using the 27k1 ROC Management System has allowed us to dedicate more effort to guiding our customers on how best to meet PCI DSS requirements. Overall, the application is a great tool, completely recommend it to maximize efficiencies and increase productivity."

“The 27k1 PCI DSS auditing tool offers a comprehensive and user-friendly solution for managing our PCI DSS compliance. Its intuitive interface has made the auditing process seamless and efficient.”

"I want to thank everyone at 27k1 for their support in recent weeks as we completed our first ROC using the 27k1 RMS tool! Your openness to our suggestions for streamlining our work has been invaluable. This collaboration improves the product for everyone, and I'm so excited to be a part of this user community."
North America - RGP global consulting and project execution for business transformation