PCI DSS 4.0 Copilot

Work through the Payment Card Industry Data Security Standard v4.0.1, from CDE scoping to SAQ and AOC drafting

What the PCI DSS 4.0 Copilot Can Do

Determine which SAQ type (A, A-EP, B, B-IP, C-VT, C, P2PE, or D) matches your acceptance channels

Scope and document your cardholder data environment (CDE) and connected systems

Map controls to the 12 PCI DSS v4.0.1 requirements and six control objectives

Interpret the v4.0 customised approach vs the defined approach for each requirement

Track requirements that became mandatory on 31 March 2024 and 31 March 2025

Draft policies, network diagram narratives, and Attestation of Compliance (AOC) text

About PCI DSS 4.0 Copilot

PCI DSS is the Payment Card Industry Data Security Standard maintained by the PCI Security Standards Council, applicable to any entity that stores, processes, or transmits cardholder data. Version 4.0 was released in March 2022 and replaced the retiring v3.2.1 on 31 March 2024. The maintenance release v4.0.1 was published in June 2024; v4.0 remained valid until 31 December 2024, after which v4.0.1 is the only active version. A further set of future-dated v4.x requirements became mandatory on 31 March 2025. The standard is organised into 12 principal requirements grouped under six control objectives, covering network security, cardholder data protection, vulnerability management, access control, monitoring, and an information security policy. The validation method depends on merchant or service-provider level: a Self-Assessment Questionnaire (SAQ) of the appropriate type for lower transaction volumes, an annual Report on Compliance (ROC) produced by a Qualified Security Assessor (QSA) for higher volumes, and in either case an Attestation of Compliance (AOC). ISMS Copilot is a guidance and documentation tool: it helps you define your cardholder data environment (CDE) scope, select the correct SAQ type, interpret the customised vs defined approach in v4.0, and draft policies and AOC narratives. It does not perform QSA assessments and cannot issue PCI DSS certification or attestation.

Frequently Asked Questions

What is PCI DSS 4.0?

PCI DSS is the Payment Card Industry Data Security Standard, maintained by the PCI Security Standards Council. Version 4.0 was published in March 2022 and replaced v3.2.1 on 31 March 2024. Maintenance release v4.0.1 followed in June 2024 and became the only active version after v4.0 was retired on 31 December 2024. It comprises 12 requirements under six control objectives that apply to organisations handling payment card data.

How does the PCI DSS 4.0 Copilot help?

It helps you scope your cardholder data environment (CDE), choose the correct Self-Assessment Questionnaire (SAQ) type, interpret the v4.0 defined and customised approaches, and draft supporting policies and Attestation of Compliance (AOC) narratives. It is a documentation and guidance aid and does not perform Qualified Security Assessor (QSA) assessments or issue certification.

Can ISMS Copilot certify my PCI DSS compliance?

No. PCI DSS validation is performed through a Self-Assessment Questionnaire or a Report on Compliance produced by a Qualified Security Assessor (QSA), with an Attestation of Compliance. ISMS Copilot supports the preparation and documentation work but cannot act as a QSA or issue any PCI DSS certification or attestation.
