{"entries":[{"entryId":"cl-015","eventType":"stat_verification_changed","affectedId":"STAT-MATURITY-CROSS-INDUSTRY-2026","affectedType":"stat","summary":"Verification note: maturity score remains provisional — full verification scheduled Q2 2026","detail":"Following internal review, the cross-industry maturity score (58/100) will remain at provisional status until Q2 2026 verification cycle completes. Value is directionally sound; full verification requires independent audit of benchmark collection methodology.","changedAt":"2026-03-05T09:00:00Z","changedBy":"GRCTrack Data Team","reason":"Internal review outcome — verification timeline update"},{"entryId":"cl-014","eventType":"citation_corrected","affectedId":"PCI-SSC-DSS-4-0-1","affectedType":"source","summary":"Citation corrected: PCI DSS v4.0.1 — updated canonical URL","detail":"Canonical URL updated to reflect PCI SSC document library reorganisation. Citation text unchanged. All published statistics unaffected.","changedAt":"2026-03-01T11:00:00Z","changedBy":"GRCTrack Content Team","reason":"Source URL correction — PCI SSC document library updated"},{"entryId":"cl-013","eventType":"stat_created","affectedId":"STAT-COMPLIANCE-COST-CROSS-INDUSTRY-2026","affectedType":"stat","summary":"Statistic created: average annual PCI DSS compliance cost (cross-industry)","detail":"Annual compliance cost computed from benchmark submissions. Value: $287,000 USD median (provisional). Covers QSA fees, remediation, internal labour, and tooling. Excludes breach response costs.","changedAt":"2026-02-20T09:00:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/pci-audit-cost-report","/pci-compliance-benchmarks"],"newValue":"$287,000"},{"entryId":"cl-012","eventType":"methodology_updated","affectedId":"GRCTRACK-METH-2026-001","affectedType":"methodology","summary":"Methodology clarification: outlier handling policy updated","detail":"Clarified outlier handling: values beyond ±3 standard deviations from cohort mean are winsorised (not excluded) for maturity scores. Remediation hours use ±2.5 SD threshold. No impact on published statistics.","changedAt":"2026-02-15T10:00:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/intelligence/methodology"],"reason":"Clarification based on methodology review feedback"},{"entryId":"cl-011","eventType":"stat_recalculated","affectedId":"STAT-REMEDIATION-DELAY-2026","affectedType":"stat","summary":"Statistic recalculated: average remediation delay — updated from 9.1 to 9.4 days","detail":"Remediation delay metric updated following monthly recalculation. Increase of 0.3 days reflects data from late-cycle submissions in hospitality and retail cohorts.","changedAt":"2026-02-01T08:30:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/pci-remediation-delays","/pci-compliance-benchmarks"],"previousValue":"9.1","newValue":"9.4","reason":"Monthly recalculation — updated cohort data"},{"entryId":"cl-010","eventType":"stat_recalculated","affectedId":"STAT-MATURITY-CROSS-INDUSTRY-2026","affectedType":"stat","summary":"Statistic recalculated: compliance maturity — updated with additional submissions","detail":"Benchmark dataset updated with 214 additional submissions received since initial generation. Composite maturity score unchanged at 58/100. Confidence interval narrowed.","changedAt":"2026-02-01T08:00:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/pci-compliance-benchmarks","/pci-compliance-maturity"],"previousValue":"58","newValue":"58","reason":"Routine monthly recalculation"},{"entryId":"cl-009","eventType":"source_registered","affectedId":"AICPA-SOC2-TSC-2017","affectedType":"source","summary":"Source registered: AICPA Trust Services Criteria (2022)","detail":"Framework document registered for SOC 2 cross-framework intelligence features. Verification status: verified.","changedAt":"2026-01-20T11:15:00Z","changedBy":"GRCTrack Content Team"},{"entryId":"cl-008","eventType":"source_registered","affectedId":"ISO-27001-2022","affectedType":"source","summary":"Source registered: ISO/IEC 27001:2022","detail":"Framework document registered for cross-framework intelligence features. Verification status: verified.","changedAt":"2026-01-20T11:00:00Z","changedBy":"GRCTrack Content Team"},{"entryId":"cl-007","eventType":"stat_created","affectedId":"STAT-AUTOMATION-CROSS-INDUSTRY-2026","affectedType":"stat","summary":"Statistic created: evidence automation adoption rate (cross-industry)","detail":"Automation adoption computed as proportion of evidence controls where automated collection tools are deployed. Value: 67% (provisional). Methodology counts partial automation at 0.5 weight.","changedAt":"2026-01-16T09:30:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/pci-automation-adoption-report","/pci-compliance-benchmarks"],"newValue":"67"},{"entryId":"cl-006","eventType":"stat_created","affectedId":"STAT-AUDIT-HOURS-CROSS-INDUSTRY-2026","affectedType":"stat","summary":"Statistic created: average PCI DSS audit hours (cross-industry)","detail":"Median audit hours computed from benchmark submissions. Value: 680 hours (provisional). Covers full ROC-level assessment effort including evidence gathering, QSA time, and remediation cycles.","changedAt":"2026-01-16T09:15:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/pci-audit-hours","/pci-compliance-benchmarks"],"newValue":"680"},{"entryId":"cl-005","eventType":"stat_created","affectedId":"STAT-MATURITY-CROSS-INDUSTRY-2026","affectedType":"stat","summary":"Statistic created: average PCI DSS compliance maturity (cross-industry)","detail":"Composite maturity score computed from benchmark dataset. Value: 58/100 (provisional). Based on N=4,721 submissions. Display mode set to provisional pending full verification cycle.","changedAt":"2026-01-16T09:00:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/pci-compliance-benchmarks","/pci-compliance-maturity"],"newValue":"58"},{"entryId":"cl-004","eventType":"dataset_generated","affectedId":"GRCTRACK-BDS-2026-001","affectedType":"dataset","summary":"Dataset generated: cross-industry PCI DSS benchmark (N=4,721)","detail":"First full generation of the 2026 benchmark dataset. Sample size reached 4,721 programme submissions. All 7 industry cohorts exceed minimum threshold of 30. Composite maturity scores, audit hours, compliance costs, automation adoption, and remediation delay metrics computed.","changedAt":"2026-01-15T14:00:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/datasets/pci-benchmarks","/pci-compliance-benchmarks"]},{"entryId":"cl-003","eventType":"source_registered","affectedId":"GRCTRACK-BDS-2026-001","affectedType":"source","summary":"Benchmark dataset registered: GRCTrack PCI DSS Benchmark Dataset 2026","detail":"Internal benchmark dataset registered with provisional status. Dataset covers 4,721 voluntary programme submissions across 7 industries. k-anonymity protection (k≥5) applied to all published outputs.","changedAt":"2026-01-15T10:30:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/datasets","/pci-compliance-benchmarks"]},{"entryId":"cl-002","eventType":"source_registered","affectedId":"PCI-SSC-DSS-4-0-1","affectedType":"source","summary":"Source registered: PCI DSS v4.0.1 (PCI SSC)","detail":"Primary source registration for PCI DSS v4.0.1. Manual review completed. Verification status set to verified.","changedAt":"2026-01-02T09:00:00Z","changedBy":"GRCTrack Content Team","affectedPages":["/intelligence/changelog"]},{"entryId":"cl-001","eventType":"methodology_published","affectedId":"GRCTRACK-METH-2026-001","affectedType":"methodology","summary":"Benchmark Intelligence Methodology v2026.1 published","detail":"Initial publication of the GRCTrack Benchmark Intelligence Methodology. Defines scoring approach (composite 0–100), weighting logic (maturity 40%, evidence 25%, automation 20%, remediation 15%), k-anonymity rules (k≥5), and minimum sample threshold (30 per cohort).","changedAt":"2026-01-01T00:00:00Z","changedBy":"GRCTrack Data Team","affectedPages":["/intelligence/methodology","/datasets"]}],"total":15,"asOf":"2026-04-28T14:35:50.271Z","attribution":"GRCTrack Intelligence Transparency Log"}