A discussion with Frédéric Jesupret, Group Information Security Officer at Allianz Partners
Since the PCI Security Standards Council released version 4.0 of PCI DSS on March 31st, it has become the center of debate in the global payments and compliance industry.
As new privacy regulations are created and updated, discussions about privacy management are increasing around the world.
I recently spoke with Frédéric Jesupret, Group Information Security Officer at Allianz Partners, the global assistance and insurance services subsidiary of the Allianz Group, about the changes in compliance with PCI DSS v4.0, key elements in managing international regulations, training, and compliance challenges.
The evolution of PCI DSS v4.0: what's new?
PCI DSS v4.0 appeared this year with the aim of taking compliance to a new level and increasing security in the payments industry. However, companies must prepare to incorporate the new standard into their scope.
The new standard allows companies to use different ways to meet security requirements.
According to Frédéric, the challenge is that companies will need to adapt to the new standard and its requirements for their systems. However, he adds that PCI DSS v4.0 will be an important step for companies, as "the new standard will help us improve our compliance and also prepare us for compliance with other possible standards in the future."
Managing multiple frameworks and international regulations
Global companies are required to follow local and international privacy and data protection regulations. This leads to a complex management process, especially at a time when national data protection regulations are becoming increasingly stringent.
In relation to this, Frédéric advises:
- Comply with company standards such as ISO 27001.
- Prepare templates to help local entities achieve compliance.
- Adopt a standardized approach to IT security and IT risk to generate standard reports.
- Adopt the same approach to managing all elements.
Key advice to keep educated and compliant
It can be quite a challenge for CISOs to negotiate multiple frameworks and regulations.
For Frédéric, keeping pace with compliance is "a never-ending story" that requires much reading, internet research, and the use of valuable information channels like the Vigitrust Advisory Board.
Alongside this is the challenge of staying compliant. As Frédéric puts it, "it's the day-to-day tasks that we have to focus on in order to reach another compliance milestone a short time later."
Source: https://www.forbes.com/sites/forbesbooksauthors/2022/09/09/what-is-the-role-of-a-ciso-in-compliance/