Special Interest Groups

The PCI Security Standards Council’s (PCI SSC) Special Interest Groups (SIG’s) leverage PCI SSC Participating Organizations' (PO) valuable business and technical experiences, to collaborate with the PCI SSC on any supporting guidance or special projects relating to the PCI Security Standards.

A SIG may be formed to address a specific industry or technological challenge. A SIG's objective is to recommend changes, clarifications or improvements to the PCI Standards and the programs that support them. In some cases, a SIG's deliverable will be a white paper or guidance document that provides clarification on specific requirements or areas of interest, but does not change the standards or supporting frameworks. SIG’s are not limited to technical matters but may focus on any area that supports the mission of the PCI Security Standards Council.

Participating Organizations and Qualified Security Assessor Special Interest Group participants have made significant contributions to the development of Council Standards, tools and educational resources. The Council recognizes and thanks the many SIG volunteers and their contributions. Outcomes of SIG collaboration and PO participation to date include:

For more information about PCI SSC SIGs, please review the questions on this page, contact us or email sigs@pcisecuritystandards.org.

Click here to download the Special Interest Group Proposal Form

Who can form a SIG? How can I propose one?

Any Participating Organization (PO), Qualified Security Assessor (QSA) or Approved Scanning Vendor (ASV) is invited to propose a Special Interest Group during an open proposal period that runs between July 1 and August 29, 2011. Stakeholders should complete the proposal form on this page and return to sigs@pcisecuritystandards.org within this time frame.

Who will lead the SIGs?

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration will free SIG volunteers to focus on contributing subject matter expertise, without responsibility for logistical matters. This new way of working will also ensure greater alignment between SIG volunteer contributions and PCI SSC direction.

How will SIGs be chosen?

Ultimately, SIGs will be chosen directly by the Participating Organization membership that represents merchants, financial institutions and payment processors - the very organizations that are implementing PCI Standards.

After the close of the SIG proposal period on September 1 2011, a shortlist of proposals will be drawn up by PCI SSC. This process is aimed at consolidating any overlapping proposals and ensuring shortlisted proposals are focused on areas the Council can commit to focusing on in the coming year.

Presentations from PO’s, QSA’s and ASV’s on shortlisted SIG proposals will be given at the North American and European Community Meetings. Following this Participating Organizations will be an electronic vote on which proposals to move ahead with.

What are some of the areas that SIG’s have covered in the past? What topics are appropriate for SIG projects?

Outcomes of and topics covered by SIG collaboration and PO participation to date include:

SIG work may provide clarification on specific requirements within a PCI Standard, examine how PCI Standards work within any given industry or environment, or any other area that supports the Council’s mission of raising awareness and increasing adoption of PCI Standards. Since the Council is focused on providing tools and resources to secure payment card data within the current payment system, and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG project.