The Information controller decides the reasons for which as well as the usually means by which private facts is processed. This enables all organizations—from big companies to startups and smaller and medium enterprises, which may not have the requisite security infrastructure and staff members—to remain guarded and PCI DSS compliant. https://www.nathanlabsadvisory.com/blog/author/nathan/page/3/