Ready for the Future: usd PCI DSS Policy Templates Version 4.0 Now Available

28. July 2023

Companies that store, transmit or process credit card data are required by requirement 12.1 of the Payment Card Industry Data Security Standard (PCI DSS) to establish and maintain an information security policy for their employees. In addition, the PCI DSS also requires the creation and maintenance of other policies based on requirements applicable to the company.

With PCI DSS version 4.0, the PCI Security Standards Council published the most comprehensive update of the security standard to date in March 2022. As of April 1, 2024, version 4.0 will completely replace version 3.2.1. As a responsible provider of PCI DSS Policy Templates, we aim to help you achieve your compliance goals while protecting your data in the best possible way. That's why our PCI experts have developed a set of PCI DSS Policy Templates that meet the new version 4.0 of the security standard.

The relevant policies for your PCI DSS compliance

The usd PCI DSS Policy Templates form the basis of your information security policy and contain all policies required for your company type and your SAQ (Self-Assessment Questionnaire). Benefit from the combined expertise and experience of our PCI experts and save valuable resources that you can spend on your core business instead.

We understand that companies have different requirements and are at different stages of their compliance journey. Currently, many organizations are still demonstrating PCI DSS compliance to version 3.2.1 and some organizations are already demonstrating compliance to version 4.0. Therefore, in the transition phase, you can choose between our policy templates for both versions of the standard (version 3.2.1 or version 4.0).

What changes with PCI DSS version 4.0?

PCI DSS version 4.0 brings with it an expanded list of security requirements that address the ever-changing threat landscape. This release introduces additional security controls to help you better protect your customer and credit card data. Accordingly, the policy templates for version 4.0 are more comprehensive and thorough to meet the new requirements.

How do you choose the right set of Policy Templates?

Selecting the appropriate set of Policy Templates depends on several factors, including the version of PCI DSS against which you want to certify (version 3.2.1 or version 4.0). Your organization's role in the context of PCI DSS (merchant or service provider) and the type of Self-Assessment Questionnaire (SAQ) you need to complete for certification are also critical in selecting the right templates.

Our PCI experts will be happy to assist you in selecting and implementing the appropriate Policy Templates. We look forward to accompanying you on your way to PCI DSS compliance and to creating a safe and secure environment for your customer and credit card data together.
