PCI V4 Policy Pack Updates

PCI V4 Policy Pack Updates

Navigating the world of compliance, we're constantly looking for ways to streamline your journey. With this mission in mind, we're excited to unveil some updates that we hope make you PCI DSS V4 journey much easier!

1. Introducing the Vulnerability Risk Ranking Tool

To assist you with PCI DSS requirements 6.3.1 and 6.3.3, we've added a new document to our policy packs – the Vulnerability Risk Ranking Tool. This tool aligns with the industry standard OWASP Risk Rating Methodology and has been tailored to offer clarity and ease in prioritizing vulnerabilities so that you can better mitigate potential risks. With its structured approach, meeting 6.3.1 and 6.3.3 should be more straightforward.

2. Statement of Applicability Updates

Feedback has been our guiding star, and we have listened. We've had a few requests for more information regarding exactly which requirement is met by each of the document. To solve this, we've done some extensive work to the Statement of Applicability document. Now under the artefacts column, you will now see information about which document meets or aids in meeting each PCI DSS requirement.

This enhancement promises dual benefits:

  • Project Work Simplified: No more second-guessing which document aligns with a particular requirement. Reference with ease and enhance your project's accuracy and efficiency.
  • Audit Time Reduced: Now you can just hand the Statement of Applicability and documents to your auditor and being confident that they have everything they need to complete the majority of document related testing procedures. No more frantic searches for policy statements during the audit wondering exactly which policy covers each of the 218 individual testing procedures that require a document.

We're particularly excited about this change as is should dramatically reduce the hours spent on your project work and audit, saving you both time and stress.

A Note to Our Valued Customers

If you've already invested in our policy pack, we haven’t forgotten about you! Reach out to us, and we’ll ensure you receive the updated documents promptly. We’re committed to ensuring you benefit from all our latest offerings.

For those who haven’t got a copy of the policies – now’s the time! Equip yourself with our policy pack and take the hassle out of your PCI V4 compliance project.

Back to blog

Leave a comment

Please note, comments need to be approved before they are published.