December 2025: Merchant or Service Provider Understanding Your Role Under PCI DSS

Not sure whether your organisation counts as a merchant or a service provider under PCI DSS v4.0.1? You’re not alone—this is one of the most common points of confusion we see. In our latest guidance, Fiona Howard, PCI DSS QSA and cybersecurity specialist at Locked Stack, breaks down the definitions, explains why the distinction matters and outlines what it means for your compliance journey. A clear, accessible read for anyone navigating PCI DSS requirements.

November 2025: From Tasks to Oversight: Making PCI DSS 12.4.2 Work for You

A practical look at how PCI DSS 12.4.2 moves organisations beyond checklist compliance toward real operational oversight. Fiona Howard, PCI DSS QSA, explains how effective quarterly reviews strengthen governance, validate critical security tasks, and improve resilience across modern environments.

October 2025: The Human Element in Cybersecurity

Fiona is a former educator turned cybersecurity specialist and PCI DSS Qualified Security Assessor (QSA) at Locked Stack. She focuses on aligning human-centric security strategies with regulatory frameworks like PCI DSS. During assessments, security awareness training is often a recurring topic—and one of the most challenging areas for organisations to get right.

September 2025: Getting Your PCI DSS Scope Right

A focused guide on creating clear, accurate, and maintainable PCI DSS scoping documentation. Fiona Howard, PCI DSS QSA, explains how to define and record in-scope systems, boundaries, and data flows in a way that supports assessments and simplifies ongoing reviews. Essential reading for organisations preparing PCI DSS v4.0.1 documentation or strengthening existing scope records.
