New PCI DSS Guidance for Large Organisations

The PCI Security Standards Council has published a new Information Supplement: PCI DSS for Large Organizations (sic).

The supplement observes that larger organisations tend to have more interconnected and complex relationships with internal business units and third parties, and that the scope and ownership of cardholder data environments are correspondingly harder to pin down. As such, they may need to evolve their approaches for implementing and maintaining PCI DSS controls.

The supplement provides guidance and suggestions on the following:

* Roles, responsibilities, and ownership of PCI DSS functions
* Sustaining compliance
* Mergers and acquisitions
* Managing acquirers and payment channels
* Education and awareness
* Systems management to maintain PCI DSS compliance
* Multiple audits and assessments
* Laws, regulations, and standards

Action
Although the supplement is aimed at large organisations, entities of all sizes may find its content valuable. A worthwhile exercise is to conduct a gap analysis of your own programme against the recommendations in the supplement, in particular who owns each PCI DSS control and how compliance is sustained between assessments, to see how your organisation fares. You can read the full document at the PCI website.