If you're classified as a service provider, you are required to formally establish the overall responsibility for PCI compliance and the protection of cardholder data. Your PCI DSS Charter should be approved by executive management at least annually and anytime that there are major changes to your organization.
Freed Maxick 12.4.1 Guidance
Establishing authority and responsibility for a PCI program within an organization is an essential step in maintaining compliance. Aligning strategy with the explicit requirements raises the level of cybersecurity and the protection of sensitive customer data. Executive management's role in PCI compliance promotes a more holistic approach to data security.
PCI DSS Resources
For more guidance on 12.4.1 compliance and other PCI DSS requirements, read our blog post that includes a downloadable overview of all recent updates and revisions.
An overview of Freed Maxick services for PCI DSS compliance can be found here, and for a more detailed discussion of your organization's situation and needs, contact us here or call me at 716.847.2651.