PCI DSS 4.0: Timelines and Initial Preparation Steps Required for Your Business

Overview



Last year, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version, which brings major changes to the payments ecosystem and compliance requirements, places an increased focus on governance, organizational maturity, technical controls and targeted risk analysis.

With the PCI DSS 4.0 compliance deadline fast approaching, a number of the preparation steps organizations must take to comply with the standard will likely take longer than anticipated. Many of the compliance measures, adjustments and implementation projects will have lead times of a year or more, especially technology-related revisions (e.g., incorporating new multi-factor authentication requirements), enhanced governance and third-party vendor contract changes. Planning for PCI DSS 4.0 compliance is a continuous effort that should start now.

Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana, principal at Mazars, for the second in a series of PCI DSS 4.0 programs as they discuss how merchants, service providers, issuers, acquirers and other businesses subject to the standard should plan for the transition to PCI DSS 4.0. We will also explore the process for transitioning from version 3.2.1 to version 4.0 and the activities that make up these compliance efforts. This program is an essential first step as legal counsel and PCI DSS 4.0 compliance teams work together to ready their organizations to meet the compliance deadline.

Discussion topics will include:

  • Realistic timelines for PCI DSS 4.0 implementation for your business
  • Scoping the systems, people, service providers and processes covered by your compliance obligations
  • Structural changes required to convert to PCI DSS 4.0
  • Relevant PCI DSS 4.0 gap assessment and testing processes
  • PCI DSS 4.0 risk assessments, both targeted and general
  • PCI DSS 4.0 legal and contractual implications for third-party service providers

A link to our prior PCI 4.0 program can be found here.
