DataStealth Blog

What Is The Role Of A CISO In Compliance?

By Security Features • September 26, 2022

Since the PCI Standards Security Council released version 4.0 of PCI DSS on March 31st, it has become the center of debate in the global payments and compliance industry.

As new privacy regulations are created and updated, discussions about privacy management are increasing worldwide.

I recently spoke with Frédéric Jesupret, Group Information Security Officer at Allianz Partners, the global assistance and insurance services subsidiary of the Allianz Group, about the changes in compliance with PCI DSS v4.0, key elements in managing international regulations, training and compliance challenges.

The evolution of PCI DSS v4.0 – what’s new?

PCI DSS v4.0 appeared this year with the proposal to take compliance to a new level and increase security in the payments industry. However, companies must prepare to incorporate the new standard into their scope.

The new standard allows companies to use different ways to meet security requirements.

According to Frédéric, the challenge is that companies will need to adapt to the new standard and the requirements for their systems. However, he adds that PCI DSS v4.0 will be an important step for companies as “the new standard will help us improve our compliance and also prepare us for compliance with other possible standards in the future.”

Managing multiple frameworks and international regulations

Global companies must follow local and international privacy and data protection regulations. This leads to a complex management process, especially at a time when national data protection regulations are becoming increasingly stringent.

In relation to this, Frédéric advises:
  • Comply with company standards such as ISO 27001.
  • Prepare templates to help local entities achieve compliance.
  • Adopt a standardized approach to IT security and IT risk to generate standard reports.
  • Adopt the same approach to managing all elements.


The article "What Is The Role of a CISO In Compliance" was written by Mathieu Gorge.