PCI Security Standards Council has published a new Information Supplement: PCI DSS for Large Organizations. This document was produced by the 2019 Special Interest Group (SIG), whose members provided their expertise and shared experience of managing PCI DSS assessments in large organizations.
Often the larger an organization becomes, the more interconnected and complex its relationships with internal business units and third parties become. As a result of this complexity, large organizations may need to evolve their approaches for implementing and maintaining PCI DSS controls across the entire organization. The document provides guidance and suggestions that cover a range of business considerations, including:
- Roles, responsibilities, and ownership of PCI DSS functions
- Sustaining compliance
- Mergers and acquisitions
- Managing acquirers and payment channels
- Education and awareness
- Systems management to maintain PCI DSS compliance
- Multiple audits and assessments
- Laws, regulations, and standards
This information supplement is the result of a PCI SSC Special Interest Group. Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards. SIGs promote collaboration among industry representatives, subject matter experts, the Council and the Payment Brands to support the development of practical payment security resources.
Note: Although the information in the SIG document is principally intended for large organizations, entities of all sizes may find the information valuable. The material provided in this document is supplemental and does not supersede or replace any PCI DSS requirements.