Here's a RACI template for PCI DSS v4.0 Requirement 6, which is about developing and maintaining secure systems and applications. This requirement is vital to ensure that security is maintained throughout the software development life cycle and that systems are protected against known vulnerabilities.

| PCI DSS v4.0 Requirement 6 Tasks | Responsible | Accountable | Consulted | Informed |
|----------------------------------|-------------|-------------|-----------|----------|
| 6.1: Establish a process to identify and assign a risk ranking to newly discovered security vulnerabilities | | | | |
| 6.2: Ensure all system components and software are protected from known vulnerabilities | | | | |
| 6.3: Develop internal and external software applications securely | | | | |
| 6.4: Ensure security is included in software development policies and procedures | | | | |
| 6.5: Address common coding vulnerabilities in software development processes | | | | |
| 6.6: Review custom software code to identify any potential coding vulnerabilities | | | | |
| 6.7: Test security of applications and systems regularly | | | | |

- **Responsible**: The team or individuals who carry out the tasks. For example, the software development team could be responsible for addressing coding vulnerabilities.
- **Accountable**: A high-level official overseeing the task's completion, such as the Chief Information Officer (CIO) or Chief Information Security Officer (CISO).
- **Consulted**: Experts providing advice or input. This may include external cybersecurity consultants or an internal quality assurance team.
- **Informed**: Those who need to be kept up to date about the task's progress, like the compliance department or executive management team.

Fill in each category with the appropriate roles or departments within your organization, ensuring alignment with your organizational structure and the specific responsibilities related to secure system and software development.