I have to admit, I needed some coffee and cobweb remover to decode this message from the Council this morning. They posted their Lifecycle Statement on the standard yesterday. After reading it a few times (and having a cuppa), I believe what they are trying to say is that there will be a new version of the PCI-DSS every 24 months. If you see a major number incremented (say 2.0 from 1.X), it is considered a new version. If a minor number is incremented (say 1.1 to 1.2), it is a revision. Regardless, you still have to do it, and you will have some amount of time to implement.

The next revision is due out on October 1, 2008 and will be version 1.2.

To whoever drafted this document, will you please read William Zinsser’s On Writing Well, and Paula Larocque’s The Book on Writing — The Ultimate Guide to Writing Well. Seriously, guys, simplify your writing. There are many non-native speakers trying to digest this stuff, and I guarantee the first sentence in that release has them so confused that many just tossed it aside.

