ROC

A Report on Compliance (ROC) document contains detailed results from an entity’s onsite PCI DSS assessment. A ROC is created when a Qualified Security Assessor performs a PCI DSS Audit, which details whether an organization meets each PCI DSS Requirement. The report also includes information of how the assessment was undertaken. ROCs use a template provided by the PCI Security Standards Council and are structured as below:

Section 1: Contact Information and Report Date
Section 2: Summary Overview
Section 3: Description of Scope of Work and Approach Taken
Section 4: Details about Reviewed Environment
Section 5: Quarterly Scan Results
Section 6: Findings and Observations
Appendix A: Additional PCI DSS Requirements
Appendices B and C: Compensating Controls and Compensating Controls Worksheet (as applicable)
Appendix D: Segmentation and Sampling of Business Facilities/System Components (diagram)

Some of the information in a ROC may be sensitive or confidential.

Security & Compliance

Secure AI

Operational Insights

By Industry

By Integration

Guides, case studies, and insights

Why Eckoh

Leadership

Careers

Eckoh US

Eckoh UK

What we do

Resources

About