A PCI-DSS Report On Compliance (ROC) audit is a formal audit of controls pertaining to credit card collection, storage, transmission, destruction, and more.
This audit applies to Level 1 PCI merchants and service providers. It is a formal audit process performed by qualified security assessors (PCI QSA). The Report on Compliance (ROC) is produced during onsite PCI DSS assessments as part of an entity’s validation process. The ROC provides details about the entity’s environment and assessment methodology, and documents the entity’s compliance status for each PCI DSS Requirement.
A PCI DSS compliance assessment involves thorough testing and assessment activities, from which the assessor will generate detailed work papers.
For organizations that are looking to comply with PCI DSS:
TrustedSec will perform a full review regardless of level to ensure the organization can adhere to the standards of PCI. If a Report on Compliance (ROC) is required based on level, TrustedSec is fully certified through the PCI Security Standards Council to issue a ROC.
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.