Making Sense of Compliance and Governance - Foregenix in SC Magazine
A key point in the article is that most merchants do not have a clear handle on where account data exists in their business, as evidenced by the large number of companies suffering breaches of data they did not realise they had. Identifying unprotected account data is key to understanding the business risk and the PCI DSS scope within a business. It is likely to be one of the new requirements in the next version of the PCI DSS, due out in October 2010.
Additionally, we have one clarification for the article: Rob quoted Benjamin Hosack as saying that most tier one companies are compliant. This should have read "most tier one payment service providers are compliant", while most tier one merchants are currently in the process of becoming compliant.