NEWSLETTER

PCI changes effective as of 31st March

Steve Macmillan

With PCI DSS v3.2.1 being retired as of 31st March 2024, many organisations will have spent time during the last year understanding the changes in its replacement (version 4.0) in order to update their templates and forms with the necessary changes to meet the new requirements. By 31st March 2025 organisations must implement the new requirements identified as best practices in v4.0.

What does this mean for your IT policies?

If you have an existing suite of IT policies that were written in-house then, in light of the version 4.0 release, they will need to be reviewed. In v4.0 there are 51 new requirements included for all entities, and 13 new requirements included for service providers (64 in total), as well as several clarifications and rearrangements applied to the existing requirements.

This represents a reasonable workload in terms of drafting new content and checking that existing content is in alignment with v4.0.

A cost-effective option to develop and deliver policy content that is aligned with PCI DSS v4.0, as well as other standards such as ISO27002 and Cyber Essentials, is Policy Management as a Service. Our experts take the grind out of interpreting changes to standards and writing and/or editing best practice policy statements so that they are aligned with the updated guidance.

Why should I care about standards?

While your organisation’s policies articulate the overarching principles the organisation wishes to adhere to, standards provide a set of quantifiable requirements that enable those principles to be achieved. IT policies are therefore most effective when combined with recognised international standards frameworks such as PCI DSS or ISO27002.

Click below to download the whitepaper – The Benefits Of A Standards-Based Approach To Implementing IT Policies.

Whitepaper - The benefits of a standards-based approach to implementing IT policies (Download Whitepaper)

Improving IT policy compliance

When using online services or downloading apps for personal use, most of us are used to reviewing and accepting terms and conditions at lightning speed. Little or no time is spent reading the details, and therefore we have limited knowledge of what we have agreed to. In the workplace, when it comes to reading and accepting policies, it is important to ensure that the reader comprehends the stated requirements before signing them off. This comprehension of the requirements should improve compliance with the policies.

What are some of the key steps that will improve user compliance with your IT policies?

  • Policy content that is well written and easy to understand.
  • Include brief explanatory text as an effective way to help build a reader’s comprehension of policy statements.
  • Consider including supporting information such as a glossary of terms.
  • Conduct comprehension testing on the contents of your policies.
  • Monitor pass rates and set an expectation that a “fail” will require further training.
  • Require users to formally accept a policy once they have passed a comprehension test.
  • Follow up with those who are not engaging with the content to understand why and address any roadblocks.
  • Appoint a project manager to run this as a project and improve the chances of its success.

Policy Management as a Service provides an efficient means to develop, deliver and maintain IT policy content that is suited to each customer’s specific business requirements. Once in place, customers have a range of functions available to manage the content and user engagement with the service.

Contact us to discuss how our service can assist your organisation to improve user compliance.

Click below to download our latest infographic on frequently asked questions around managing content and users with Policy Management as a Service.

Policy Management as a Service - Managing content and users (Download FAQ)

PROTOCOL POLICY SYSTEMS

Contact Us Today

Fill in the form or call us on (UK) +44 845 241 0099 or (NZ) +64 9 570 2233