Payment Card Industry (PCI) DSS v4.0
What should organisations do about it?
Although v4.0 has been published, the PCI SSC is allowing a two-year implementation period for organisations to adjust their processes and controls to the new standard. The date for the diary is 31st March 2024, when v3.2.1 will be retired. Note that a number of the new requirements in v4.0 are designated as best practice until 31st March 2025, after which they become mandatory, so the transition does not end with the retirement of v3.2.1. During this period, all QSAs (and Internal Security Assessors) will be required to complete further training with the PCI SSC before they are in a position to assess an organisation against the requirements of v4.0.
It is recommended that all organisations that have a PCI DSS obligation start preparations as soon as possible. There are several steps an organisation can take now to help prepare:
Conduct a scoping exercise to confirm which systems, people and processes store, process or transmit cardholder data (or can affect its security) and that you are completing the appropriate PCI DSS reporting (SAQ or Report on Compliance), and reduce the scope where possible, for example through network segmentation, tokenisation or outsourcing card handling to a compliant third party.
Conduct a familiarisation exercise with the new version.
Conduct a gap analysis against the new requirements.
Ensure all relevant stakeholders are aware of the changes.
Engage with a QSA company to assist with your preparations.
Xcina Consulting Limited
James is a Certified Information Systems Security Professional (CISSP), ISO 27001 Information Security Lead Auditor and PCI Qualified Security Assessor (QSA) from a multi-industry background. He is experienced in delivering risk-based information assurance projects including PCI DSS assessments, vCISO engagements, GDPR gap analyses and ISO 27001 implementations, including ISMS management.
To discuss how the above impacts your business, feel free to get in touch with our team. We provide our clients with pragmatic advice and support to help them achieve a robust and defensible position.