In the second installment of the “Questions with the Council” video series, Data Security Standards Manager, Kandyce Young, answers the payment industry’s questions about PCI DSS v4.0. The questions focus specifically on the customized approach and compensating controls. Questions include:
- Is the customized approach right for our organization?
- What is a situation where a compensating control should be used, versus the customized approach?
- What is a “legitimate documented technical or business constraint” when implementing a compensating control?
- Can the same QSA design and assess a customized control?
Watch “Questions with the Council” where Kandyce answers these questions and more! Make sure to subscribe to the Council’s YouTube page to stay up to date with upcoming payment security videos.
Have more questions about the customized approach or compensating controls? Make sure to read this blog series for more information:
- PCI DSS v4.0: Compensating Controls vs Customized Approach
- PCI DSS v4.0: Is the Customized Approach Right for Your Organization?
- PCI DSS v4.0: Roles and Responsibilities for the Customized Approach
Make sure to check out the whole “Questions with the Council” series!
Want more resources on PCI DSS v4.0? Visit the PCI DSS v4.0 Resource Hub: