Cybersecurity

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

Report on Compliance (ROC)

The formal deliverable produced by a QSA after completing a PCI DSS assessment, documenting scope, methodology, findings, and compliance status. Submitted to the acquiring bank or payment brand as evidence of PCI DSS compliance.

From the library

The full analysis on Report on Compliance (ROC).

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →
The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.