December 2024
The full PCI DSS v4.0.1 ROC template requires the QSA to complete 577 fields in Part I and 3,552 fields in Part II. Part I covers the Assessment Overview, while Part II is split between Sampling & Evidence and Findings & Observations. Completing 4,129 fields across all Requirements is a demanding task that requires accuracy in order to deliver a high-quality ROC assessment. A Physical Storage Service Provider or Multi-Tenant Service Provider ROC may be shorter, but still requires the same attention to detail.
The 27k1 RMS has been developed as a digitized version of the analogue ROC assessment template. In developing this software, 27k1 has devised numerous automated, time-saving features that intelligently auto-populate the ROC, AOC and Customized Control worksheets.
Of the 4,129 fields, the 27k1 RMS auto-populates 3,755 fields across Parts I and II.
Starting with the selection of the correct ROC assessment type and the establishment of the Eligibility Criteria, the logic built into the software instantly populates hundreds of fields drawn from a tailored Response Library. Specific fields are immediately justified as “Not Applicable”, and hundreds more move to an “In Progress” status, waiting for the QSA to continue the work until it is ready for QA.
Because Parts I and II have been integrated, the QSA can easily move around the digitized ROC assessment, referencing evidence, interviews, observations and findings, all of which are hyperlinked to the application and held within a secure data repository. Clear reports across every Section and Requirement highlight the status of the ROC and may be shared with the client.
The QSA may work in an agile way, so that QA can be completed on a section-by-section basis rather than waiting for the entire ROC assessment to be prepared for final review. Work completed by the QSA and QA team within the 27k1 RMS software is output into their branded, analogue ROC template.
Feedback from QSA companies using the system suggests that up to 7 days may be saved from a 10-day ROC assessment, based on a 7-hour working day. At $1,000 per day, this translates to an immediate return on investment, saving the QSAC around $7,000 per ROC assessment.
Here’s what 27k1’s QSA clients had to say:
“The 27k1 ROC Management System has proven invaluable with the updates to PCI DSS and the revised ROC reporting template, which requires numerous radio buttons to be selected and completed. The application is highly user-friendly, and the customer support is exceptional, with the team responding to inquiries and requests almost immediately. The time savings we’ve achieved by using the 27k1 ROC Management System have allowed us to dedicate more effort to guiding our customers on how best to meet PCI DSS requirements. Overall, the application is a great tool; I completely recommend it to maximize efficiencies and increase productivity.” Tania Nicholas, QSA, Director of PCI Compliance Services at 3Factor (https://www.3factor.com/).
“I want to thank everyone at 27k1 for their support in recent weeks as we completed our first ROC using the 27k1 RMS tool! Your openness to our suggestions for streamlining our work has been invaluable. This collaboration improves the product for everyone, and I’m so excited to be a part of this user community.” Jacqueline Bertram – Senior Director, Cyber Security – RGP – RGP global consulting and project execution for business transformation
“The 27K1 PCI DSS auditing tool offers a comprehensive and user-friendly solution for managing our PCI DSS compliance. Its intuitive interface made the auditing process seamless and efficient.” Ritchie Jeune – Managing Director, Evolution Global Security Company