
Payment Card Industry (PCI) DSS v4.0

What should organisations do about it?

Although v4.0 has been published, the PCI SSC is providing a 2-year implementation period for organisations to adjust their processes and controls to the new standard. The date for the diary is 31st March 2024, when v3.2.1 will be retired. During this period, all QSAs (and Internal Security Assessors) will be required to undergo further training with the PCI SSC before they can assess an organisation against the requirements of v4.0.

It is recommended that all organisations that have a PCI DSS obligation start preparations as soon as possible. There are several steps an organisation can take now to help prepare:

Conduct a scoping exercise to ensure that you are complying with the appropriate PCI DSS reporting requirements (and reduce the scope if possible).

Conduct a familiarisation exercise with the new version.

Conduct a gap analysis against the new requirements.

Ensure all relevant stakeholders are aware of the changes.

Engage with a QSA company to assist with your preparations.

Read other chapters in the series:

Part 1: PCI DSS Version 4.0 What is it and why now?

Part 2: What are the key changes in v4.0?


If you would like to know more and how we are assisting our clients in adjusting to the new standard, please contact us at


James Drake

Senior Director 
Xcina Consulting Limited


James is a Certified Information Systems Security Professional (CISSP), ISO27001 Information Security Lead Auditor and qualified PCI Quality Security Assessor (QSA) from a multi-industry background. He is experienced in delivering risk-based information assurance projects, including PCI-DSS assessments, vCISO engagements, GDPR gap analysis and ISO27001 implementations including ISMS management.

To discuss how the above impacts your business, feel free to get in touch with our team. We provide our clients with pragmatic advice and support to help them achieve a robust and defensible position.



