Version 3.2 heavily concentrates on service providers and merchants to ensure that the implementation and maintenance of PCI DSS gets adopted business-as-usual (BAU), which is the normal execution of standard functional operations within an organisation and eventually becomes second nature. Even though technically it is an annual assessment, the PCI SSC guides businesses to adopt a formal risk based approach to security.
With only half of code administration bodies in the energy market exposed to competitive pressures, do all organisations delivering these code related services strive for exceptional quality, while keeping costs low? Should they all be exposed to competitive tendering? These are some of the key questions that need addressing.