diff --git a/source/security.html.erb b/source/security.html.erb
index 16ffd4b..da2b8c6 100644
--- a/source/security.html.erb
+++ b/source/security.html.erb
@@ -38,7 +38,7 @@ title: Security and compliance
         <h2 class="govuk-heading-m">PCI compliance</h2>
 
         <p class="govuk-body">
-          GOV.UK&nbsp;Pay is certified as a level 1 service provider with the Payment Card Industry Data Security Standard (PCI DSS) version 3.2.1. The PCI DSS provides guidance to
+          GOV.UK&nbsp;Pay is certified as a level 1 service provider with the Payment Card Industry Data Security Standard (PCI DSS) version 4.0. The PCI DSS provides guidance to
           help maintain payment security.
         </p>
 
@@ -107,8 +107,8 @@ title: Security and compliance
         <p class="govuk-body">We only collect the data necessary to run GOV.UK&nbsp;Pay.</p>
 
         <p class="govuk-body">
-          We won’t retain that data any longer than we need it, and definitely no longer than 7 years, and only share it if it’s necessary to run GOV.UK&nbsp;Pay or if required by
-          law.
+          We will not retain that data any longer than we need it, and definitely no longer than 7 years, and only share it if it’s necessary to run GOV.UK&nbsp;Pay or if required
+          by law.
         </p>
 
         <p class="govuk-body">