All details relevant to the assessor’s findings should be clearly identified and documented in the appropriate place within the ROC. The information recorded in the ROC must ultimately support the assessor’s findings of ―in place‖ or ―not in place‖ for each Requirement and Testing Procedure of the PCI DSS.