usd AG has been accredited as a Security Evaluator by the European Payments Initiative (EPI). We are now authorized to carry out security...
EPI External Security Evaluator: usd Receives Accreditation from the European Payments Initiative
read more
Security Audits
Implementation of the NIS-2 Directive Has Been Postponed. What Is the Impact on the KRITIS Compliance Audit?
What's next for NIS-2? Due to the early elections in Germany, the parliamentary procedure for the NIS-2 implementation law NIS2UmsuCG could not be...
PCI Council Released Update of SAQ A: New Eligibility Criteria Replaces Future-dated Requirements
Last updated: 28 February, 2025 A few days ago, the PCI Security Standards Council (PCI SSC) announced important changes to SAQ A. Who is affected...
PCI DSS worldwide: usd AG one of 17 QSA companies with global accreditation
usd AG has once again received all the necessary licenses from the PCI Security Standards Council (PCI SSC) as a PCI DSS Qualified Security Assessor...
SWIFT CSCFv2025 - The Three Most Important Questions About the Update
Users of the SWIFT network are required to demonstrate compliance with the mandatory security controls through an annual independent audit in...
KRITIS: These Sectors Are Required to Provide Proof of Compliance in 2025
According to Section 8a (1) BSIG, operators of critical infrastructures (KRITIS) in Germany are obliged to take appropriate organizational and...
Information Security in Third-Party Risk Management: How to Monitor Your TPRM Program
Companies often work with a large number of service providers in order to be able to concentrate on their core business or save costs. For this to...
NIS-2: The Most Important Takeaways from the German Implementation Act
The law implementing the NIS-2 Directive aims to transpose the requirements of the European NIS-2 Directive into the German legal system. On May 7,...
What Does “Periodically” Actually Mean? PCI DSS v4.0 Specifies Timeframes
“Promptly”, “quarterly”, “periodically”: Many PCI DSS requirements demand that measures be implemented within a specified timeframe. While version...
Information Security in Third-Party Risk Management: How to Set Up a TPRM Program
Companies often work with a large number of service providers in order to be able to concentrate on their core business or save costs. For this to...
PCI DSS v4.0: The Transition Phase Is Over. What Will Change for You?
On March 31, 2024, the previous version 3.2.1 of the Payment Card Industry Data Security Standard (PCI DSS) expired. While companies were able to...
NIS-2 - Three Questions for our Experts on the New EU Directive
NIS-2: The new EU directive for cyber security is currently raising questions for security managers in countless companies: Are we affected? What...