PCI DSS Security Training Requirements

Written by michelle boardman
Any company accepting credit cards for payment must be PCI compliant. (credit-card image by Igors Leonovs from Fotolia.com)

Payment Card Industry Data Security Standard (PCI DSS) is a set of comprehensive requirements for security management, policies, procedures, network architecture, software design and training to secure credit cardholder information. The standard requires any company that accepts credit card payments to meet a minimum level of compliance, including training. All involved parties must have training: employees of the company that accepts payment cards and the security assessors who audit those companies. Optionally, internal employees seeking to improve and promote awareness of organisations' internal PCI DSS self-assessments, procedures and processes can seek certification.

Training Requirements for PCI Compliance

According to the PCI DSS Requirements and Security Assessment Procedures published by the PCI Security Standards Council, every company that processes credit card information faces audits and possible fines if it is not in compliance. For compliance, auditors must confirm that the company has implemented a formal security awareness programme. The programme should inform all employees of the importance of protecting cardholder data and emphasise each employee's responsibility for securing that information. The PCI Security Standards Organization offers courses for employee awareness training, as do many third-party training vendors.

Many vendors offer online courses for PCI awareness training. (Office-manager behind the workplace kdd image by Mykola Velychko from Fotolia.com)

Qualified Security Assessor Training Requirements

Security companies seeking to become Qualified Security Assessors (QSAs) must pass rigorous testing and annual re-certification before they qualify to audit PCI DSS compliance. Before testing, the company must complete an application process and submit documentation of the validation requirements for approval by the PCI Security Standards Council. The process includes submission of certifications, a business licence, insurance certificates and a registration fee. After the PCI Security Standards Council reviews these materials and finds them complete, the company can schedule training for individual employees. After the employees conclude training and pass testing, the PCI Security Standards Organization website lists the organisation as a QSA.

Internal Security Assessor Training Requirements

To enrol in the PCI Internal Security Assessor (ISA) Training Program, you must be a full-time employee of an ISA Sponsor Company. Lists of sponsor companies and validation requirements appear on the PCI Security Standards Council website. Once the company is validated, its primary contact must submit all training inquiries and assignments.
