PCI DSS and Risk Assessment

PCI’s relationship to risk assessment is unique. Like most standards, PCI requires a risk assessment. But it requires that assessment not only against the cardholder data environment (CDE) and the scope of your assessment; it also requires one on any significant change to your environment. So don’t forget: under PCI, you need to do a risk assessment each year as a core part of the standard, and you also need to do one any time you flag a significant change within the CDE or its environment.

