PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS) AUDIT: FOCUSES ON COMPLIANCE WITH SECURITY STANDARDS FOR HANDLING CREDIT CARD INFORMATION.
“Ensuring Compliance and Securing Cardholder Data in a Digitally Connected World”
Course Schedule
| Date | Venue | Fees (Face-to-Face) |
|---|---|---|
| 06 – 10 Apr 2026 | London, UK | USD 3495 per delegate |
Course Introduction
The Payment Card Industry Data Security Standard (PCI DSS) sets the global benchmark for securing credit and debit card transactions against data theft and fraud. Organizations that handle cardholder information must ensure full compliance with PCI DSS to avoid breaches, penalties, and reputational damage.
This 5-day intensive training provides IT auditors, compliance professionals, and cybersecurity officers with a structured approach to planning, executing, and reporting PCI DSS audits. The course covers all 12 requirements of the standard, risk-based assessment strategies, and how to work with Qualified Security Assessors (QSAs) to ensure full compliance.
Course Objectives
By the end of this course, participants will be able to:
• Understand the core objectives and requirements of PCI DSS
• Plan and perform audits across the cardholder data environment (CDE)
• Evaluate security controls for storing, processing, and transmitting card data
• Identify non-compliance and prepare mitigation strategies
• Support certification readiness and maintain continuous compliance
Key Benefits of Attending
• Learn to assess and improve controls protecting cardholder data
• Understand PCI DSS v4.0 updates and industry validation requirements
• Reduce audit fatigue through structured assessment processes
• Prevent costly breaches and penalties through effective compliance monitoring
• Build collaboration between IT, compliance, and merchant functions
Intended Audience
This program is designed for:
• IT auditors and internal audit teams
• Cybersecurity and information security professionals
• Compliance and risk managers
• Payment processing and merchant services professionals
• IT managers involved in network, infrastructure, and system security
Individual Benefits
Key competencies that will be developed include:
• PCI DSS structure and control domains
• CDE scoping and risk-based audit techniques
• Vulnerability management and encryption control auditing
• Understanding of SAQs, ROC documentation, and QSA engagement
• Interpretation and implementation of compensating controls
Organization Benefits
Upon completing the training course, participants will demonstrate:
• Stronger defense against cardholder data breaches
• Improved internal controls aligned to PCI DSS
• Readiness for formal QSA-led PCI audits
• Reduced risk exposure and reputational harm
• Enhanced alignment between audit, IT security, and business functions
Instructional Methodology
The course follows a blended learning approach combining theory with practice:
• Strategy Briefings – PCI DSS v4.0 framework, audit lifecycle, and industry trends
• Case Studies – High-profile breaches and audit failures
• Workshops – Audit scope development, controls testing, and reporting
• Peer Exchange – Best practices for achieving and maintaining compliance
• Tools – Sample SAQs, audit checklists, gap analysis templates, and risk treatment plans
Course Outline
Training Hours: 07:30 AM – 03:30 PM
Daily Format: 3–4 Learning Modules | Coffee Breaks: 09:30 & 11:15 | Lunch Break: 01:00 – 02:00
Day 1: PCI DSS Foundations and Scope
- Module 1: Introduction to PCI DSS and Compliance Drivers (07:30 – 09:30)
• Cardholder data, regulatory background, and PCI ecosystem
- Module 2: Scoping and Segmentation of the CDE (09:45 – 11:15)
• Network boundaries, third-party access, and tokenization
- Module 3: Workshop – Scoping a Sample Cardholder Environment (11:30 – 01:00)
• Identify assets and define audit perimeter
Day 2: Control Domains 1–6 – Network, Access & Data Protection
- Module 4: Network Security Controls (07:30 – 09:30)
• Firewalls, routers, and segmentation
- Module 5: Protecting Stored and Transmitted Data (09:45 – 11:15)
• Encryption, key management, and TLS requirements
- Module 6: Workshop – Evaluate a Data Protection Implementation (11:30 – 01:00)
• Control testing and evidence gathering
Day 3: Control Domains 7–9 – Access Control and Physical Security
- Module 7: Role-Based Access and Authentication (07:30 – 09:30)
• Multi-factor authentication and least privilege
- Module 8: Physical Access and Media Handling Controls (09:45 – 11:15)
• Security zones and disposal procedures
- Module 9: Workshop – Access Rights Review Simulation (11:30 – 01:00)
• Perform access and role audit
Day 4: Control Domains 10–12 – Monitoring, Testing & Governance
- Module 10: Logging and Vulnerability Management (07:30 – 09:30)
• SIEM, log reviews, scanning, and patch cycles
- Module 11: Security Policy and Awareness Programs (09:45 – 11:15)
• Documentation and training as audit evidence
- Module 12: Workshop – PCI Audit Findings and Gap Plan (11:30 – 01:00)
• Build a remediation roadmap from a sample audit
Day 5: Audit Readiness and Continuous Compliance
- Module 13: SAQs, Reports on Compliance, and QSA Coordination (07:30 – 09:30)
• Differences between self-assessment and formal audit
- Module 14: Continuous Monitoring and Internal Reviews (09:45 – 11:15)
• Controls for maintaining year-round compliance
- Module 15: Final Workshop – PCI DSS Internal Audit Presentation (11:30 – 01:00)
• Deliver a mock audit presentation and receive feedback
Certification
Participants will receive a Certificate of Completion in PCI DSS Security Audit, confirming their ability to assess, report on, and maintain compliance with PCI DSS standards for protecting cardholder data.