PCI DSS Merchant Training Nottingham UK


Attendees at the recent PCI DSS Training Seminar in Nottingham, organised by the Corporate IT Forum and delivered by Onformonics Trainers, included a large transaction service provider, bricks-and-clicks retailers, and local UK authority organisations. Those attending were seeking insight into the requirements and their interpretation, and had heard about, or experienced first-hand, problematic compliance engagements with QSAs or consultant organisations. All had heard news of card data loss, and were keen to avoid such publicity for their own organisations.

All found the two-day course informative (if at times demanding), and were able to gain further insight into the least painful ways of working towards compliance with the standard. There was general interest in the suggested risk-based approach to data security, as opposed to a box-ticking mentality.

The organisations’ business models included call-centres and transaction handling via PDAs, and the trainers (with extensive QSA and consulting experience, as well as client-side experience) were able to advise appropriately on the varying needs of different environments. Particular interest was shown in discussions of emerging technologies, including tokenisation, virtualisation and cloud computing, as well as de-scoping and the workshop on compensating controls.

Networking among the delegates promoted discussions about which organisations found their current assessors more (and less) helpful, and who shared the same auditor. Practical suggestions were provided on ways to handle the relationship with a QSA company and individual assessors, covering the due diligence process, relevant experience, references, interpretation, engagement model, deliverables, deadlines, etc.

At the end of the second day, the course evaluations showed that those attending had greater awareness of the nature of the task before them, and had learned some useful techniques for reducing and controlling their progress towards achieving compliance, and for maintaining that status by implementing a program management approach as opposed to a one-off project.

