PCI DSS Foundation, Implementation, V3 SAQ Workshop

PCI DSS Foundation

This one-day foundation course provides an introduction to the Payment Card Industry Data Security Standard (PCI DSS) and delivers practical guidance on how it applies to your organisation.

The PCI DSS is administered by the PCI Security Standards Council (PCI SSC) with the specific objectives of decreasing payment card fraud across the internet and increasing the security of confidential payment card information.

Every organisation that stores, transmits or processes cardholder data must comply with the PCI DSS. Compliance with the standard is regulated and enforced by payment card brands, such as VISA, MasterCard and American Express, directly or through their partner relationships with ‘acquirer’ banks.

Developed by a Qualified Security Assessor (QSA), this training course builds a clear understanding of the PCI DSS and enables learners to plan a cost-effective, time-efficient compliance project.

Who should attend this course?
Anyone involved in a PCI DSS compliance project who would like to develop a background on the standard and its requirements.

If you need more comprehensive and practical coverage of all aspects of the implementation and continued maintenance of PCI DSS, please see our four (4) day PCI DSS Implementation Training Course.

For a practical session on how to complete the PCI DSS v3.2 Self-Assessment Questionnaires (SAQs), please see our two-day PCI DSS v3.2 SAQ Workshop.

Course contents include

  • The purpose of the PCI DSS and the requirement for protection of cardholder data.
  • PCI DSS objectives and intent.
  • Related PCI standards and programmes.
  • Understand how PCI DSS compliance is enforced by the payment brands.
  • Compliance needs for merchants and service providers. Explanation of the different levels.
  • Understand how compliance with the standard must be reported by merchants and service providers.
  • Overview of the 12 standard requirements.

Entry requirements
This introductory course has no formal entry requirements.

PCI DSS Implementation

This four-day course provides comprehensive and practical coverage of all aspects of implementing a Payment Card Industry Data Security Standard (PCI DSS) compliance programme. Successful completion of the inclusive exam leads to the industry-recognised PCI DSS Implementation (PCI IM) qualification, which is fully updated for the recently released PCI DSS v3.2 standard.

The Payment Card Industry Data Security Standard (PCI DSS) is administered by the PCI Security Standards Council (PCI SSC) with the specific objectives of decreasing payment card fraud across the internet and increasing the security of confidential payment card information.

Every organisation that stores, transmits or processes cardholder data must comply with the PCI DSS. Compliance with the standard is regulated and enforced by payment card brands (VISA, MasterCard, and American Express) directly or through their partner relationships with ‘acquirer’ banks.

Designed by a Qualified Security Assessor (QSA), this four-day training course aims to develop the skills required to ensure that any organisation meets the requirements of the standard as defined by their payment card brand and their acquiring bank.

Who should attend this course?
Individuals who are responsible for ensuring that their organisation becomes fully compliant with the technical and business requirements of the PCI DSS standard, and consultants seeking to provide PCI implementation advice to their respective client organisations.

Course contents include

  • The purpose of the PCI DSS and the requirement for protection of cardholder data.
  • PCI DSS objectives and intent.
  • Related PCI standards and programmes.
  • Understand how PCI DSS compliance is enforced by the payment brands.
  • Compliance needs for merchants and service providers. Explanation of the different levels.
  • Understand how compliance must be reported by merchants and service providers.
  • Overview of the 12 standard requirements.
  • Scoping and applicability of the PCI DSS.
  • Technical implementation of the requirements.
  • Use of the PCI DSS Documentation Toolkit.
  • Project management.
  • Maintaining compliance.
  • Additional considerations for: call centres, encryption, software development, mobile payments, skimming.

Entry Requirements
There are no formal entry requirements. We recommend that all delegates download (free) and read the Payment Card Industry Data Security Standard (PCI DSS) document from the PCI SSC website.

The Exam
This course prepares delegates for an optional examination on the last day of the training programme. Successful candidates will be awarded the PCI DSS Implementation (PCI IM) qualification.

PCI DSS v3 SAQ Workshop

This two-day workshop is designed to provide delegates with the practical knowledge required to complete the new PCI DSS v3 Self-Assessment Questionnaires (SAQs) and ensure full compliance with the PCI DSS v3 standard.

Understand the new PCI SAQs and achieve compliance with PCI DSS v3.0
The Payment Card Industry Data Security Standard (PCI DSS) Version 3 was published in November 2013 and requires the majority of service providers and merchants to complete a Self-Assessment Questionnaire (SAQ).

The new version of the standard has introduced new SAQ eligibility criteria as well as new and more complex SAQ documents. Merchants who previously completed SAQ A, which only had 13 questions, may now have to complete the new SAQ A-EP, which has 139 questions! Larger merchants with multiple payment systems will be required to submit more than one type of SAQ and satisfy additional requirements such as penetration testing.

PCI DSS v3 effective from 1 Jan 2015
The new PCI DSS v3 SAQ documents and requirements will come into effect from 1 Jan 2015. All organisations worldwide will be required to use and complete them in order to maintain their annual compliance with the PCI DSS standard. The PCI DSS v3 SAQ Workshop is a two-day practical session designed to help merchants and service providers fulfil the requirements of the SAQ process with confidence and ease.

Who should attend the course?
Managers who are responsible for ensuring that their organisation maintains full compliance with the PCI DSS standard.

Course contents
Presented by a PCI QSA (Qualified Security Assessor), the workshop is based on a ‘real-life’ case study of a PCI merchant company which needs to ensure PCI DSS compliance across a number of different payment platforms.

  • Overview of the additional compliance requirements of PCI DSS v3
  • Introduction to the different types of SAQs
  • Details of the new SAQ Validation Types which include A-EP, B-IP, and D-SP
  • Applicability of SAQ Types to payment processing scenarios:
      • E-commerce
      • Face to Face
      • Mail or Telephone Order (MOTO)
  • Q & A to receive specific advice to help your organisation

Entry Requirements
While there are no formal entry requirements, this course has been designed to meet the needs of delegates who already have a working knowledge of PCI DSS and are responsible for ensuring their organisation maintains its compliance with the standard.