Course

Skills

PCI DSS: Achieving and Maintaining Compliance

Achieving PCI DSS compliance can be hard and frustrating. This course provides practical advice for every stage of the compliance journey from working out what compliance means for you, scoping, assessment, and importantly how to stay compliant.

Preview this course

What you'll learn

It's time to bring together the theoretical knowledge of becoming PCI DSS compliant, and the practical knowledge of how the standard really works! In this course, PCI DSS: Achieving and Maintaining Compliance, you’ll gain the ability to take an organization on a PCI DSS compliance journey and understand the challenges in maintaining PCI DSS compliance. First, you’ll learn about who may ask you to comply with PCI DSS and the different ways that you can demonstrate your compliance. Next you’ll explore how to determine what people, processes and technology that the PCI DSS requirements will apply to, and the ways to minimize these. Then, you'll discover what a Qualified Security Assessor (QSA) will do when they assess your compliance with the standard, and what you can do when your organization cannot comply with certain requirements. Finally, you’ll learn how to prevent control decay, scheduled tasks, and change from destroying your hard-won PCI DSS compliance. When you’ve finished with this course you'll have the skills and knowledge to pilot an organization through a successful PCI DSS compliance journey, and then maintain PCI DSS compliance year after year.

Course Overview

1min

Course Overview 2m

Introduction and Recap

24mins

What Does Compliance Mean?

40mins

Reporting Compliance: RoCs and SAQs 10m
Understanding the Different Types of SAQ 10m
Defining What Compliance Is for an Organization 12m
Negotiation and the Prioritized Approach 8m

The Journey to Compliance

24mins

Introducing the Compliance Journey 3m
The Prepare Phase: Compliance Is an Organizational Issue 9m
Getting to an “As Is” Picture of How Cardholder Data Is Processed 9m
When Should You Engage with an Assessor? 1m
Is Your QSA an Assessor or an Advisor? 2m

Scoping, Segmentation, and Scope Reduction

35mins

Scoping and the Cardholder Data Environment 8m
Culture, Security, Compliance, and PCI DSS 2m
Techniques to Reduce the Scope of the CDE 4m
Removing Cardholder Data to Reduce PCI DSS Scope 6m
Outsourcing to Reduce PCI DSS Scope 2m
Changing Business Processes to Reduce PCI DSS Scope 3m
The Hard Work in a PCI DSS Compliance Program 5m
Scoping Tips for Very Large Organizations 3m
Good and Bad PCI DSS Scope Reduction 3m

Using and Assessing the Standard

45mins

The Standard and Testing Procedures 6m
Assessing a Requirement 4m
Documenting the Evidence of an Assessment 6m
Help with Interpretation 5m
Resolving Differences of Opinion with Assessors 8m
Compensating Controls 8m
Writing Compensating Controls 6m
Common Problems with Compensating Controls 3m

The Assessment Process

17mins

The Assessment Process 8m
Working with Your Assessor 3m
How Long a PCI DSS Assessment Takes 2m
An Assessment Should Not Be a Disruptive Exercise 2m
Differences between a Service Provider and a Merchant Assessment 1m
Providing Feedback About Your Assessor 1m

Maintaining Compliance

52mins

Control Decay 9m
Scheduled Tasks in PCI DSS 6m
Managing Change in PCI DSS 6m
Embedding PCI DSS in BAU Must Be Part of the Compliance Program 7m
PCI DSS Sustainability: The Assessor’s Perspective 7m
The Second PCI DSS Assessment 3m
Designated Entities Supplemental Validation (DESV) 14m

About the authors

John Elliott

John Elliott is a specialist in regulated security and data protection. His fascination is the way that people engage with security directives: whether that’s a company following external regulation, an information security team developing policies, an IT team following them, or a colleague who is just trying to do their job securely. John has led information security and data protection functions in aviation and financial services. He’s represented both Visa Europe and Mastercard on the PCI S... more

See more courses by John Elliott

Jacob Ansari

Jacob Ansari worked on Pluralsight courses that cover the topic of PCI DSS Standards.

See more courses by Jacob Ansari

Ready to upskill? Get started

Contact Sales

PCI DSS: Achieving and Maintaining Compliance

What you'll learn

Table of contents

About the authors

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

PCI DSS: Achieving and Maintaining Compliance

What you'll learn

Table of contents

About the authors

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?