
Is Your Tech Ticking Toward Obsolescence? Catch End-of-Life Assets Before They Crash!
PCI DSS 4.0.1 requirement 12.3.4 requires that all software and hardware be supported by the vendor. That sounds easy, right? It’s not. Let’s discuss.
Explore the latest news and information from the Auditwerx team.
In today’s interconnected world, ensuring healthcare data security is paramount. If your organization handles patient health information (PHI), you’re undoubtedly familiar with the need for strict healthcare compliance. Learn about the difference between HIPAA and HITRUST and what it means for your organization.
With PCI DSS 4.0, nine of the requirements were rewritten to allow the assessed entity to define how frequently the control should be completed. While that flexibility sounded great to some folks, others weren’t exactly thrilled—because guess what? It means more paperwork. Every. Single. Year. These nine requirements now require a Targeted Risk Analysis (TRA) to justify the timing you choose. Let’s walk through each one and decide what might be best for your company.
As organizations increasingly rely on third-party service providers (TPSPs) to support payment processing environments, the need for clear oversight and accountability has never been more critical.
The Payment Card Industry Data Security Standard (PCI DSS) version 4.0 introduced a formal requirement for a documented scoping exercise under PCI 12.5.2. This guide breaks down the scoping process, offering practical steps and tips to streamline compliance.
You’ve put it off, you’ve ignored it, you’ve just been busy… whatever the case, the new PCI Version 4.0.1 requirements are a reality as of April 1, 2025. Let’s dive into each new requirement.