PCI DSS 4.0 Transition

The release of PCI DSS version 4.0 marks the most significant change to the
standard in more than a decade, prompting risk3sixty to make significant
investments in people and technology to support organizations with the transition.

ATLANTA — Sept 13, 2022 – Risk3sixty, a PCI QSA firm that helps high-growth technology
companies assess, build and manage security, privacy and compliance programs, today
announced important investments they are making in leadership, their platform Phalanx
GRC, and new methodologies to help clients navigate the transition from PCI DSS version
3.2.1 to PCI DSS version 4.0. The transition to PCI DSS version 4.0 marks the most
extensive change to the standard in more than a decade and could change the way many
organizations approach achieving certification against the standard.

“We know that the transition to PCI DSS 4.0 will be a significant challenge for
organizations, so we wanted to bring in a talented leader, Christopher Donaldson, to help
enhance our capabilities and better serve our clients,” said risk3sixty CEO and Co-Founder
Christian Hyatt.

Donaldson is a noted authority in compliance, with technical expertise across all areas of
security as it relates to data confidentiality. He possesses specific competencies in
network security, data protection, and governance, risk and compliance (GRC). He has led
numerous complex engagements guiding organizations on their journey to PCI DSS
compliance.

In addition to expanding their PCI DSS leadership team, risk3sixty has also made
significant investments in technology to help make PCI DSS certification easier for
their clients.

“Over the last 5 years we have built Phalanx GRC, the platform that helps our clients
navigate frameworks like SOC 2, ISO 27001, and PCI DSS. We take the complexity of these
frameworks and translate it into easy-to-follow steps in language people can more easily
understand,” said risk3sixty President Christian White, who is also a co-founder of the
company. “Phalanx GRC will help significantly reduce the efforts to achieve certification
and maintain compliance over time as it helps interpret the standard and has fantastic
capabilities to support gathering audit evidence, manage policies, manage risks, and
much more. Hundreds of organizations already use Phalanx, so we are very confident in its
capabilities.”

PCI DSS version 4.0 includes a number of important changes, including new guidance on
performing risk assessments as well as an option to adopt customized controls. Under
Donaldson’s leadership, the organization has developed a proven process to help
organizations manage the nuances of PCI DSS version 4.0.

“PCI DSS version 4.0 presents an opportunity for organizations to leverage the compliance
exercise to significantly reduce their cybersecurity risks,” said Donaldson. “In addition,
there are important opportunities to reduce the burdens traditionally associated with a PCI
DSS audit. We think we are in a unique position to leverage this transition to help clients
accomplish both.”

About risk3sixty
Risk3sixty, an Atlanta-based cyber security consulting company, works with high-growth
technology firms to help leadership build, manage and certify security, privacy and
compliance programs that underpin public and stakeholder trust yet never hinder business
goals. These efforts are propelled by the company’s cybersecurity playbook and expert
leadership paired with the powerful security, privacy and compliance platform, Phalanx
GRC. The firm has a proven track record of helping accomplish these missions for
“unicorns,” high-value clients that have a valuation of $1 billion or more.