In today’s Compliance Week, Christopher Avery discussed the latest PCI Data Security Standard (PCI-DSS).
“There are a still a large number of organizations that look at PCI DSS as just a compliance obligation with point-in-time assessments,” says Christopher Avery, a data security expert with the law firm Davis Wright Tremaine. “That’s not to say that PCI is not important, but they put it to the side until one of the annual attestation windows approaches.”
“There is a renewed focus on the relationship among service providers,” Avery says. “There has always, historically, been some tension there with respect to who is responsible for what and who does what. Under Version 3.0 there are structural changes that make a clearer delineation of who is responsible for what.”
Read the entire article on Compliance Week’s website.