2024 promises to be a busy year for the transition to the new versions of two standards: PCI DSS 4.0 and ISO 27001:2022.
PCI DSS 4.0 becomes mandatory from the second quarter of 2024.
ISO 27001:2022, although its transition formally runs until 2025, becomes relevant in practice after 30.04.2024, a date very close to the PCI DSS 4.0 deadline.
The latest changes in PCI DSS 4.0 compared to PCI DSS 3.2.1 are available here.
Some of the changes in ISO 27001:2022 compared to ISO 27001:2013 can be found here.
Overall, 2024 will be an interesting year for implementing the requirements of these standards, and it will bring many questions about their implementation and interpretation.
Additional Information
PCI DSS 4.0
- The new version of PCI DSS introduces a number of significant changes, including:
  - A focus on risk-based security controls
  - Increased requirements for security awareness and training
  - New requirements for cloud security
- Organizations that process or store payment card data must comply with PCI DSS in order to protect cardholder data from unauthorized access, use, disclosure, disruption, modification, or destruction.
ISO 27001:2022
- The new version of ISO 27001 includes a number of changes, including:
  - A new risk management framework
  - New requirements for security operations
  - Increased focus on cyber security
- ISO 27001 is an international standard for information security management systems (ISMS). An ISMS is a framework for managing the security of information assets.