From our webinar - 14th November 2019 Compliance professionals around the world are eagerly awaiting more information about PCI’s latest release to the Data Security Standards: PCI DSS 4.0. During this 30-minute webinar, we will review the timeline of the 4.0 release. Discuss findings from the 2019 RFC period draft release, highlight key changes that are coming with the revised framework, and discuss how SureCloud will help clients navigate these changes.

1. What to expect with PCI DSS v4.0

2. Who’s put this together?
Ben Dalton, Sr GRC Technology Consultant
• IT security & GRC industry
• PCI compliance program at Disney Parks & Resorts
www.surecloud.com © 2019 SureCloud. All rights reserved. 2
Craig Moores, CISSP, QSA, Risk Advisory Practice Director
• Delivering complex cyber security solutions
• PCI DSS, strategic planning and business auditing NCC Group

3. Agenda
• Key Takeaways from the PCI DSS 4.0 Draft
• Anticipated Challenges and Opportunities
• How to best prepare for a new version of PCI DSS
• How SureCloud can help
• Q&A: Ask a QSA!

4. Key Takeaways from the PCI DSS 4.0 Draft
• Added flexibility: Defined & customized validation
• Updated terminology and clarifications
• New requirements
• Best practice updates (e.g. authentication)
• Meaningful risk assessments
• Promoting security as a continuous process
www.surecloud.com © 2019 SureCloud. All rights reserved. 4

5. 5
Anticipated Challenges and Opportunities

6. 6
Business Challenges with PCI Compliance
Key Points:
• More common challenges:
• Aligning PCI compliance requirements with business objectives
• Ensuring the scope of the CDE is accurate
• Maintaining an accurate view of PCI compliance requirements
• Communication with key third parties e.g. Acquirers, Customers and Service Providers
• New challenges:
• Keeping abreast of the threat landscape
• Understanding new technologies, particularly around mobile devices and data management
• Evolving the compliance program to accommodate new changes in the DSS
www.surecloud.com © 2019 SureCloud. All rights reserved.

7. 7
Common Pitfalls… and Opportunities
Key Points:
• Common pitfalls:
• Standalone PCI programs that are disjointed from business processes
• Compliance for compliance sake
• Broad cardholder data environment scopes based on lack of understanding
• Opportunities:
• Increased awareness – particularly with regards to cardholder data risks
• Better understanding of the business operations and how these support the objectives of the
organization
• More efficient approach to executing business processes
• Embedded security controls that form a more effective business culture
www.surecloud.com © 2019 SureCloud. All rights reserved.

8. 8
How to best prepare for a new version of PCI DSS
Key Points:
• Keep abreast of changes and review the new version of the DSS when it is available!
• Ensure the scope of your CDE is accurate
• Assess the impact of any changes in requirements that affect your CDE
• Update your compliance program!
www.surecloud.com © 2019 SureCloud. All rights reserved.

9. 9
How Can SureCloud Help?
Whether you represent an organization in the beginning stages of the PCI journey, or if you’re a
seasoned PCI veteran and simply need a more efficient way to manage your program, SureCloud’s PCI
Compliance Management solution is purpose-built to provide a quick win for your compliance
organization.
With automated workflow, centralized controls testing and artefact collection, and real-time reporting,
SureCloud enhances visibility into your PCI program and can save you time in the process. Don’t
hesitate to reach out to us for a demo today!
www.surecloud.com © 2019 SureCloud. All rights reserved.

10. How Can SureCloud Help?
PCI Compliance Management Platform

11. Discover more…
Get in touch
- @surecloud
Benjamin.Dalton@surecloud.com
Craig.Moores@surecloud.com
contact@surecloud.com
Watch the slides with audio here.