Visa Europe - Understanding PCI DSS Merchant Training Workshop
25 November 2010, Warsaw, Poland
Another successful PCI DSS education seminar delivered by Onformonics in co-operation with Visa Europe.
Onformonics continuously improves the content of its training course material with the latest news, information and compliance mandates to ensure maximum added value for all delegates. Having successfully delivered ten of these two-day educational seminars during 2010, we have learnt that quality of content and the trainers’ subject matter expertise, based on years of experience with PCI DSS, are not on their own enough to guarantee the success of the trainings. What makes Onformonics’ approach unique is the ability to transmit hands-on, practical knowledge. Delegates throughout all trainings have stated that the acquired knowledge is helping their organisations to tangibly reduce the cost of their compliance programs and bring risks to acceptable levels using less time and resources.

Many of the attending organisations are competing companies, which creates obstacles to the flow and exchange of information regarding compliance activities and initiatives. The networking component is a major contributing factor to the success of the Onformonics training seminars, as it provides a platform to establish inter-company communication channels that were previously non-existent between IT, project management, CSO and other functions involved in the compliance process.

Although attending organisations may vary considerably from one training to the next, some general similarities can be observed across seminars. During the PCI DSS workshop, the trainers will likely perform the following specific steps:
- Give an opening presentation that explains the standard, its history, drivers, latest developments and relationship to other PCI standards, and describes what the workshop is designed to accomplish.
- Identify ground rules for the workshop, such as "Each delegate should be heard and his/her comments treated with respect and attention" and "What is said in the workshop stays in the workshop."
- Provide an overview of all topics to be discussed in the workshop and allow these to be dynamically adjusted based on delegate interests and composition.
- Where practical, visually demonstrate control objectives via on-screen presentation of diagrams, animations and multimedia clips, and identify common pitfalls and remedial solutions.
- Facilitate discussions about controversial, misunderstood or misinterpreted controls, which have been identified before or during the workshop. The discussions involve all delegates and seek to share the experience of delegates, ensuring that, in addition to the trainers’ subject matter expertise, the opinions and knowledge of delegates are also presented.

Using break-out sessions to create small groups, Onformonics translates the theory of the multitude of compliance controls and requirements into practical know-how steps. The following photographs capture the Compensating Controls workshop.

Here the trainers explained:
- Compensating Controls Key Principles
- Compensating Controls Key Myths
- Filling out a Compensating Controls Worksheet
- Compensating Controls Application How-To
- Compensating Controls Risk Based Approach
- Compensating Controls For Specific Requirement

This segment was then followed by assigning real-life scenarios to small groups, who had to present their compensating control worksheets and received constructive remarks from both peers and the trainers.

You too could arrange for a PCI trainer to come to your organisation and conduct customised training. This can have cost advantages since it minimizes travel and registration costs. You can also have different staff attend those parts more appropriate to their jobs. We've seen great examples at individual companies who make it part of a "security day." It can also work well for groups of companies that share common attributes such as similar types of business, compliance mandates, membership associations, etc.
Whatever way you choose, compare costs, compare approaches, and get yourself trained. It pays great dividends.
