PCI DSS v4.0.1 ROC Assessments were never intended to be so complex, so time consuming, so resource heavy… but they are!

That’s why the 27k1 ROC Management System has been developed for certified QSA companies. Built from the ground up, it focuses on generating efficiencies and saving time.

The 27k1 RMS streamlines the ROC assessment process: cutting costs, increasing accuracy, improving quality and reducing stress. The payback is immediate.

This is how it works...

Turbocharge your ROCs
Assign evidence easily, auto-fill findings, and control every part of the workflow.
Ultimate evidence management
Auto-populate ROC Section 6 and reporting instruction evidence directly from SharePoint.
A unique narrative library
Narrative responses are provided that will auto-populate every assessment finding.
No more blank fields
A final check that all assessment findings and all assessor responses are complete.
Agile QA
No more frenzied working towards a scheduled QA window.
Built-in security
Your company retains control over the security of its data at all times with Azure or Amazon AWS IaaS.


Turbocharge your ROCs

The 27k1 RMS gives QSAs a digitized version of the PCI DSS v4.0.1 “Word” template.

Setting the Entity’s Eligibility Criteria initiates the auto-population of intelligent and accurate responses across thousands of fields within the ROC.

Collect the Evidence to support Sections 6.2 to 6.6 from your Evidence repository, then use the SharePoint API to auto-populate these key sections of the ROC assessment.

A click of the mouse converts the digital data to complete the entire ROC template, branded to reflect your QSAC’s corporate identity.

Progress charts show every step of the ROC assessment from start to finish, which you can share with your clients.
Evidence management using SharePoint
Use the 27k1 API to SharePoint. For QSACs using SharePoint as a repository for Section 6 evidence, the 27k1 software will now extract 6.2 to 6.6, including the assessor’s response for each reporting instruction, and auto-populate the ROC, placing this data into the correlated assessment fields.
A unique narrative library
The power of AI for customizing narrative responses

The Narrative Library consists of hundreds of predefined responses, each one associated with individual PCI Requirements across every section of the ROC.

The narrative responses may be exported and tailored to individual QSA requirements or customized and applied to particular Entities using AI.

Once AI has been deployed to adapt the responses, they may be imported to the 27k1 RMS and deployed on a particular ROC assessment from the Narrative Response menu.

No more blank fields
Auto-check missing assessment findings or reporting instruction assessor’s response fields. Direct links to missing PCI DSS Requirement fields enable updates before final, mass annotation of "Not Applicable" to any section that does not apply.
Agile QA

The RMS provides a separate QA module, allowing QA to securely access any ROC assessment at any time.

For every Requirement assessed by the QSA and passed to QA for review, a completion status is applied:

Green = Ready for QA
Blue = QA Approved
Brown = In Remediation

QA now benefits from an agile approach to individual ROC Part I and Part II reviews.

The days of waiting for the QSA to complete the ROC before QA review have now been replaced by real-time, open-access correspondence and status updates between these key functions.


Built-in security

To ensure your data is safely stored and processed within your company's domain, the 27k1 RMS is easily installed and runs at low cost using Azure SQL Database (recommended) or SQL Server (Express).
PCI DSS RMS Network diagram
27k1 RMS - Customer Case Study, April 2025
Razorthorn security
Time and Cost Benefits

“Previously, the ROC assessment would have taken between 30 and 40 days, comprised of QSA and QA engagement. Using the 27k1 RMS, to write the ROC assessment, we have reduced this time to 25 - 30 days, saving 10 - 15 days and reducing costs by at least £5,000. The time saved has allowed Razorthorn to collaborate more closely with our client, strengthening the relationship and allowing us to demonstrate the key data requirements so that the client will better manage their PCI compliance on a BAU basis.”

David Adams added: “As a PCI DSS QSAC, Razorthorn Security have found the 27K1 tool to be an invaluable aid to creating the PCI DSS compliant Report on Compliance (ROC) and Attestation of Compliance (AOC) for our clients in a timely manner.”

27k1 QSAC Client Testimonials


"The 27k1 ROC Management System has proven invaluable with the updates to PCI DSS and the revised ROC reporting template, which requires numerous radio buttons to be selected and completed. The application is highly user-friendly, and the customer support is exceptional, with the team responding to inquiries and requests almost immediately. The time savings we've achieved by using the 27k1 ROC Management System have allowed us to dedicate more effort to guiding our customers on how best to meet PCI DSS requirements. Overall, the application is a great tool, completely recommend it to maximize efficiencies and increase productivity."

3FACTOR Cybersecurity Consulting


“The 27k1 PCI DSS auditing tool offers a comprehensive and user-friendly solution for managing our PCI DSS compliance. Its intuitive interface has made the auditing process seamless and efficient.”

PCI DSS - Evolution Global Security Company


"I want to thank everyone at 27k1 for their support in recent weeks as we completed our first ROC using the 27k1 RMS tool! Your openness to our suggestions for streamlining our work has been invaluable. This collaboration improves the product for everyone, and I'm so excited to be a part of this user community."

North America - RGP global consulting and project execution for business transformation