PCI DSS 4.0: Timelines and Initial Preparation Steps Required for Your Business

Overview



Last year, the Payment Card Industry Security Standards Council released version 4.0 of its Data Security Standard (PCI DSS 4.0). The new version, which brings major changes to the payments ecosystem and compliance requirements, places an increased focus on governance, organizational maturity, technical controls and targeted risk analysis.

With the PCI DSS 4.0 compliance deadline fast approaching, a number of the preparation steps organizations must complete to comply with the standard will likely take longer than anticipated. Many of the compliance measures, adjustments and implementation projects will have lead times of a year or more, especially technology-related revisions (e.g., incorporating new multi-factor authentication requirements), enhanced governance and third-party vendor contract changes. Planning for PCI DSS 4.0 compliance is a continuous effort that should be started now.

Join members of McDermott’s Global Privacy & Cybersecurity team and Alan Gutierrez-Arana, principal at Mazars, for the second in a series of PCI DSS 4.0 programs as they discuss how merchants, service providers, issuers, acquirers and other businesses subject to the standard should plan for the transition to PCI DSS 4.0. We will also explore the process for transitioning from version 3.2.1 to version 4.0 and the activities that make up these compliance efforts. This program is an essential first step as legal counsel and PCI DSS 4.0 compliance teams work together to ready their organizations to meet the compliance deadline.

Discussion topics will include:

  • Realistic timelines for PCI DSS 4.0 implementation for your business
  • Identifying the systems, people, service providers and processes that are in scope for your compliance obligations
  • Structural changes required to convert to PCI DSS 4.0
  • Relevant PCI DSS 4.0 gap assessment and testing processes
  • PCI DSS 4.0 risk assessments, both targeted and general
  • PCI DSS 4.0 legal and contractual implications for third-party service providers

A link to our prior PCI 4.0 program can be found here.
