The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements covering security management, policies, procedures, network architecture, software design and training, intended to protect cardholder data. The standard requires any company that stores, processes or transmits payment card data to meet a minimum level of compliance, and training is one of those requirements. Two groups must be trained: the employees of the company that accepts payment cards, and the security assessors who audit those companies. Optionally, internal employees who conduct or support their organisation's own PCI DSS self-assessments, procedures and processes can seek certification as Internal Security Assessors.
Training Requirements for PCI Compliance
According to the PCI DSS Requirements and Security Assessment Procedures published by the PCI Security Standards Council, every company that handles cardholder data is subject to compliance validation, and the card brands and acquiring banks can impose fines on companies found not to be in compliance. For compliance, assessors must confirm that the company has implemented a formal security awareness program (PCI DSS Requirement 12.6). The program must make all employees aware of the cardholder data security policy and procedures, emphasising each employee's responsibility for protecting that data, and awareness training must be repeated at least annually. The PCI Security Standards Council offers courses for employee awareness training, as do many third-party training vendors.
Qualified Security Assessor Training Requirements
Security companies seeking to become Qualified Security Assessors (QSAs) must pass rigorous testing, and their assessors must requalify annually, before they are authorised to audit PCI DSS compliance. Before any employee can be tested, the company must submit an application to the PCI Security Standards Council along with documentation showing that it meets the Council's validation requirements. The submission includes relevant certifications, a business licence, insurance certificates and a registration fee. Once the PCI Security Standards Council has reviewed these materials and found them complete, the company can schedule training for individual employees. After the employees complete training and pass the examination, the PCI Security Standards Council website lists the company as a QSA.
Internal Security Assessor Training Requirements
To enrol in the PCI Internal Security Assessor (ISA) Training Program, you must be a full-time employee of an ISA Sponsor Company. Lists of sponsor companies and the validation requirements for becoming one appear on the PCI Security Standards Council website. Once a company is validated as a sponsor, its designated primary contact must submit all training enquiries and employee enrolments on the company's behalf.