PCI-DSS RoC v3.2.1 Assessment Template

This download includes the PCI DSS Template for Report on Compliance for use with PCI DSS v3.2, Revision 1.0 (“ROC Reporting Template”). It is the mandatory template for Qualified Security Assessors (QSAs) completing a Report on Compliance (ROC) for assessments against the PCI DSS Requirements and Security Assessment Procedures v3.2.

The ROC Reporting Template provides reporting instructions and the template for QSAs to use. This can help provide reasonable assurance that a consistent level of reporting is present among assessors.

ROC Summary of Assessor Findings:

With the Reporting Template, an effort was made to efficiently use space, and as such, there is one response column for results/evidence (“ROC Reporting Details: Assessor’s Response”) instead of three.

Additionally, the results for “Summary of Assessor Findings” were expanded to more effectively represent the testing and results that took place, which should be aligned with the Attestation of Compliance (AOC).

There are now five results possible – In Place, In Place with CCW (Compensating Control Worksheet), Not Applicable, Not Tested, and Not in Place. At each sub-requirement, there is a place to designate the result (“Summary of Assessor Findings”), which can be checked as appropriate.