In this session, we will look at how the controls in PCI DSS v4.0 are more focused on PCI security as a continuous process, and what is required to manage compliance throughout the year. GRC is all around us now, and this is filtering down merchants of all but the very smallest levels now. Demonstrating security as a continuous process with programs such as PCI and GDPR can also help to reduce Cyber Insurance premiums, sometimes by more than the cost of the actual security program.