The Corporate It Forum's Information Security Service has been supporting its members on challenges presented by PCI compliance since issues were raised through its Q&A service. When one organisation struggling with the standard raised a question, it resulted in an influx of support from other members.

Since 2005 the Information Security Service has been running a series of workshops covering the initial roll out of version 1.0 to the release of version 1.2. Adopting a practical approach to the challenges organisations have faced, delegates attending the workshops have collaborated to produce a library of good practice documents that cover issues with inconsistencies, deadlines, cost, justification to the business, merchant and card company relationships.

The reports are an essential starting point for any organisation on the road to compliance. Importantly, the information is derived from open discussions in a strictly confidential environment between very large end-user organisations. The sharing of experiences and focus on a clear action plan mean that the organisations involved save considerable time and money getting to an end-result. The confidence derived from benchmarking your organisation's status against another is second to none. PCI DSS version 1.2, is the first update since September 2006 when the PCI Security Standards Council began driving the standard. It will incorporate feedback from some 450 participating organisations. The council claims it taps into recommendations from retailers, security product vendors, electronic funds transfer networks, point-of-sale application developers and banks.

The new version of the standard will contain a number of changes, including a more concentrated list of sub-requirements to avoid overlapping, further clarification on reporting protocols, and expanded sections for glossary searches and frequently asked questions.

The Information Security Service has designed an event to look at the changes heralded by the new version and address current challenges organisations are facing on their roadmap to compliance. The workshop kicks off with a presentation from a member organisation of the PCI Standards Council on the changes and what they mean.

For your chance to get first hand insight into the changes required by the new version and clarification about what the implications mean to your organisation, contact us for more information.