PCI DSS Explained: Turning Compliance into a Security Strategy

Discover how PCI DSS can become more than just a compliance checklist. This episode explores PCI DSS as a strategic tool to build digital trust, prevent fraud, and unify your security approach. Learn why treating it as a living framework, not a box-ticking task—can transform your security posture.In this episode, we answer to:What are the core PCI DSS requirements most organizations fail to meet?Why should PCI DSS be treated as a continuous strategy, not a one-time audit?Who is actually in scope for PCI DSS, and why does size not exempt you?Resources Mentioned in this Episode:TechTarget website, article "What is PCI DSS (Payment Card Industry Data Security Standard)?", link https://www.techtarget.com/searchsecurity/definition/PCI-DSS-Payment-Card-Industry-Data-Security-Standard Stripe website, article "What is PCI DSS compliance?", link https://stripe.com/guides/pci-compliance Bridewell website, article "Who Needs to Be PCI DSS Compliant?" link https://www.bridewell.com/insights/blogs/detail/who-needs-to-be-pci-dss-compliant AuditBoard website, article "The 12 PCI DSS Compliance Requirements: What You Need to Know", link https://www.auditboard.com/blog/pci-dss-requirements/ Exabeam website, article "What Is PCI Compliance? The 12 Requirements", link https://www.exabeam.com/explainers/pci-compliance/pci-compliance-a-quick-guide/ Sprinto website, article "Who Must Comply with PCI DSS? Payment Security Explained", link https://sprinto.com/blog/to-whom-does-pci-dss-apply/ Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Discover how FinTechs can shift from project-driven IT to a product-centric model that enables continuous value delivery. Learn key strategies for CIOs to build agile, cross-functional teams and redesign governance. Are your teams truly product-led or just rebranded project squads?In this episode, we answer to:How can FinTech CIOs enable a shift from projects to products?What does a product-led operating model look like in FinTech?How can teams self-assess their product-readiness?Resources Mentioned in this Episode:CIO.com website, article "Making the shift to product-based IT", link https://www.cio.com/article/219649/making-the-shift-to-product-based-it.htmlErnst & Young website, article "How a product-driven IT operating model can help reimagine banking", link https://www.ey.com/en_us/insights/banking-capital-markets/how-a-product-driven-it-model-can-reimagine-bankingGartner website, article "IT Organization Design Roadmap: How to Shift from Project to Product", link https://www.gartner.com/en/publications/it-org-design-project-to-product-roadmapConnect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Explore how ISO/IEC 42001 sets the standard for responsible, ethical, and secure AI use. Learn how it aligns AI governance with business strategy, mitigates risks, and fosters innovation through transparency and trust.In this episode, we answer to:Why do organizations need a specific standard for AI governance?What are the core components of ISO/IEC 42001 and how do they work in practice?How does aligning with ISO 42001 impact innovation and business trust?Resources Mentioned in this Episode:ISMS.online website, article "Understanding ISO 42001 and Demonstrating Compliance", link https://www.isms.online/iso-42001/ Schellman website, article "How to Assess and Treat AI Risks and Impacts with ISO/IEC 42001:2023", link https://www.schellman.com/blog/iso-certifications/how-to-assess-and-treat-ai-risks-and-impacts-with-iso42001Scytale website, article "Exploring the Role of ISO/IEC 42001 in Ethical AI Frameworks", link https://scytale.ai/resources/exploring-the-role-of-iso-iec-42001-in-ethical-ai-frameworks/Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

ISO 20022 is reshaping global payments with rich, structured data, offering enhanced compliance, operational efficiency, and new revenue possibilities. As the 2025 deadline nears, financial institutions must modernize systems, reduce risks, and unlock powerful analytics. Ready or not, change is here.In this episode, we answer to:What happens if you’re not ISO 20022-compliant by November 2025?How does ISO 20022 improve payment data quality and analytics?What are the key phases to successfully transition your systems?Resources Mentioned in this Episode:StoneX website, article "STS – ISO 20022: A Global Shift in Cross-Border Payments", link https://www.stonex.com/en/thought-leadership/02-03-2025-sts-iso-20022/SWIFT website, article "ISO 20022 for Financial Institutions: Focus on Payments Instructions", link https://www.swift.com/standards/iso-20022/iso-20022-financial-institutions-focus-payments-instructionsS&P Global Market Intelligence website, article "ISO 20022 Adoption Poses Challenges and Presents Opportunities", link https://www.spglobal.com/market-intelligence/en/news-insights/research/iso-20022-adoption-poses-challenges-and-presents-opportunitiesErnst & Young website, article "Nine Considerations for ISO 20022 Migration", link https://www.ey.com/en_gl/insights/banking-capital-markets/nine-considerations-for-iso-20022-migrationConnect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

In today’s episode of The ITSM Practice, we explore the future of project management in an AI-driven world. How can project managers stay relevant when AI plans, flags risks, and analyzes moods? Discover how emotional intelligence, critical thinking, and ethical leadership shape the next generation of project leaders. In this episode, we answer to: How should project managers adapt when AI starts shaping decisions? What skills will make project managers future-proof in an AI-driven environment? How can we trust AI tools without losing human judgment and leadership?Resources Mentioned in this Episode:PMI Blog, article “Preparing Project Managers for an AI-Driven Future”, link https://www.pmi.org/blog/preparing-project-managers-for-an-ai-driven-futureAtlassian website, article “How to utilize AI for project management”, link https://www.atlassian.com/work-management/project-management/ai-project-managementPPM Express website, article “The Future of AI in Project Management: Trends and Innovations”, link https://ppm.express/blog/the-future-of-ai-in-project-management-trends-and-innovations/Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Dive into this essential episode of "The ITSM Practice Podcast" hosted by Luigi Ferri, where we rethink risk management beyond frameworks and dashboards. Discover how hidden vulnerabilities can silently disrupt operations and why evolving from Risk Officer to Continuity Architect is crucial for true resilience.In this episode, we answer to: Which risks are we ignoring because they don't fit usual categories? How can we identify informal, undocumented, or assumed asset dependencies? What would happen if a quiet, always-working process failed unexpectedly?Resources Mentioned in this Episode:Scytale website, article “Asset-Based Risk Assessment”, link https://scytale.ai/glossary/asset-based-risk-assessment/Aptine website, article “How to conduct Threat-Based Risk Assessment, link https://aptien.com/en/kb/articles/how-to-conduct-threat-based-risk-assessmentBCP Builder website, article “What is the relationship between Business Continuity and Risk Management”, link https://www.bcpbuilder.com/business-continuity-risk-management/Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Discover how ISO 27001 boosts fintech security, simplifies compliance, builds customer trust, drives operational efficiency, attracts investors, and supports scaling. Learn why mid-sized fintechs must treat ISO 27001 as a strategic asset, not just a requirement.In this episode, we answer to:How does ISO 27001 improve fintech security and risk management in 2025? Why is ISO 27001 crucial for customer trust and faster market growth? How can ISO 27001 certification drive efficiency, investment, and scaling for fintechs?Resources Mentioned in this Episode: SecFix website, article “ISO 27001 Benefits for FinTechs”, link https://www.secfix.com/post/iso-27001-benefits-for-fintechsNeumetric website, article “ISO 27001 Compliance for Fintech” , link https://www.neumetric.com/journal/iso-27001-compliance-for-fintech-1444/ISMS Online website, article “ISO 27001 for the Fintech Sector”, link https://www.isms.online/sectors/iso-27001-for-the-fintech-sector/Dataguard website, article “ISO 27001 on the rise: How the certification is driving value for fintech companies”, link https://www.dataguard.com/blog/iso-27001-for-fintech-companies-why-do-you-need-it-dataguardCertPro website, article “The Importance of ISO 27001 Compliance for Fintech Startups in Canada”, link https://certpro.com/iso-27001-for-fintech-startups/Connect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Many IT Professionals collect certifications, but real mastery means transforming theory into outcomes, leadership, and trust. In this episode, we explore what the ITIL 4 Master journey demands beyond exams and frameworks.In this episode, we answer to:Am I just qualified, or have I truly mastered IT service management? Can I speak the language of the boardroom, not just the server room? How can I design services that align with business needs, not just best practices?Resources Mentioned in this Episode: New Horizons, article “Everything You Need to Know About Achieving ITIL Master Certification”, link https://www.newhorizons.com/resources/blog/itil-masterVinsys, article “How do I become an ITIL 4 Master? Everything You Must Know”, link https://www.vinsys.com/blog/become-itil4-masterITSM Group, article “ITIL® Master: Everything about the highest certification level in the ITSM methodology”, link https://www.itsmgroup.com/news/detail/itil-master-zertifizierungPurple Griffon, article “The ITIL® Certification Scheme – Explained”, link https://purplegriffon.com/blog/itil-certification-schemeConnect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Discover how BIAN helps banks escape legacy traps by offering standardized, modular service domains and semantic APIs. This episode reveals why BIAN exists, what problems it solves, and how to assess your alignment with it. A must-listen for IT leaders in financial services aiming for agility and interoperability.In this episode, we answer to: What is BIAN and how does it standardize banking architecture? Why was BIAN created to address integration chaos in banks? How can you assess your services' alignment with the BIAN framework?Resources Mentioned in this Episode: Book “BIAN 2nd Edition – A framework for the financial services industry. Van Haren Publishing.BIAN Website, article “New Study Reveals Banks Struggle to Achieve Priorities, Meet Customer Expectations Hampered by Technology Modernisation Challenges and Lack of Industry Standards”, link https://bian.org/news-room/banks-struggle-meeting-customer-expectations-technology-challenges/AWS website, article “Modern AWS Data Strategy and Architecture for banking using BIAN Framework”, link https://aws.amazon.com/blogs/industries/modern-aws-data-strategy-and-architecture-for-banking-using-bian-framework/IBM website, article “How generative AI and BIAN technology standards are shaping the future of banking”, link https://www.ibm.com/think/insights/genai-bian-standards-shape-bankingThoughtworks Website, article “How BIAN can help drive coreless banking and improve innovation in the industry”, link https://www.thoughtworks.com/en-de/insights/blog/platforms/bian-coreless-bankingConnect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya

Struggling to make change stick? Discover six proven principles that help turn resistance into results. Learn how purpose, communication, leadership, and reinforcement can boost your change success and team engagement.In this episode, we answer to:Why is anchoring change in purpose critical for transformation success? How can leaders support individual transitions during organizational change? What makes structured change flexible enough to adapt in real time?Resources Mentioned in this Episode:Prosci website, article “12 Change Management Principles and Best Practices”, link https://www.prosci.com/blog/change-management-principlesPersonio website, article “Keep These 10 Change Management Principles Top Of Mind”, link https://www.personio.com/hr-lexicon/change-management-principles/IC Agile website, article “6 Change Management Principles & How to Use Them”, link https://www.icagile.com/resources/6-change-management-principles-and-how-to-use-themRemesh website, article “7 Organizational Change Management Frameworks That Stick”, link https://www.remesh.ai/resources/7-organizational-change-management-frameworksConnect with me on:LinkedIn: https://www.linkedin.com/in/theitsmpractice/Website: http://www.theitsmpractice.comAnd if you want more tips and guidance, follow me on LinkedIn. I am sharing daily posts regarding Enterprise Service Management, IT Service Management, and IT Security.Credits:Sound engineering by Alan Southgate - http://alsouthgate.co.uk/Graphics by Yulia Kolodyazhnaya