PCI ISA Training Program

The ISA training program, for internal security assessment staff at ISA sponsor companies, consists of a four-hour online prerequisite course and exam covering PCI fundamentals, followed by an in-depth two-day instructor-led course and exam. Successful completion results in ISA qualification and a PCI DSS ISA certificate.

Online pre-requisite course curriculum covers:

  • Understanding the Payment Card Industry Security Standards Council and its role
  • Defining the processes involved in card processing
  • PCI roles and responsibilities
  • Understanding cardholder data
  • Defining network segmentation
  • PCI DSS assessments

Instructor-led course curriculum covers:

  • What is PCI and what does it mean to companies that must meet compliance with the DSS?
  • How the credit card brands differ in their validation and reporting requirements
  • PCI Data Security Standard (DSS)
  • PCI Hardware and Communications Infrastructure
  • PCI Reporting
  • Real world examples

Requirements for attending ISA Training

Steps to join as a Sponsor Company and have your employees attend ISA training

Step 1
Submit the required Sponsor Company documentation by mail only (email submissions will not be accepted).

  1. Original signed agreement, page 9 of the Validation Requirements document
    • The representative noted as your company primary contact should be prepared to receive all PCI SSC related communications
    • It is not required that your primary contact be an officer of your company  
  2. Copy of your company business license (Articles of Incorporation are also acceptable)
  3. A fully completed Individual Certification page for each employee you wish to send to training

*Please indicate what class you prefer to send them to based on the schedule shown below.

Please carefully review the Validation Requirements for Internal Security Assessors (ISAs) to learn more about the program and locate the documents noted above.

Step 2
An invoice will be issued via email to the primary contact listed on the agreement page once the application is received. Applications are reviewed within 5 business days of receipt.  

The fees for the ISA training will be based on whether or not your company is a member of the PCI SSC Participating Organization Program.

The Participating Organization Program is a separate program, and membership is not based on your company's compliance with PCI DSS or the submission of the Sponsor Company documents outlined above. To learn about the Participating Organization Program and how to join it, please click here.

Step 3
The course will consist of two parts: an on-line course followed by a short exam and a two-day instructor-led session ending with an exam.
Once payment for the invoice has been received, the designated primary contact will receive instructions for the online portion of the training. Once the online training and test have been successfully passed, the primary contact will receive the location details for the instructor-led class. These details will not be released until the online Fundamentals training has been taken and the test passed.

Expanded details on the ISA training can be reviewed below.

**All training inquiries and assignments must be submitted through your company's assigned primary contact.

SUBSTITUTION POLICY:
If your company needs to substitute one candidate for another, due to unforeseen circumstances, the new candidate will be required to complete the on-line PCI Fundamentals course prior to attending the instructor-led session.  If the replaced candidate decides to attend a later course, he or she will be required to complete the PCI Fundamentals course before attending the instructor-led session (even if the candidate has previously passed the exam.)   PCI SSC will not allow substitutions within one week of the start date of the training session for any reason. 

2011 New ISA Training Course Schedule

» ISA Training

| Session | Date | Location | Time | Participating Organization Price | Non Participating Organization Price |
|---|---|---|---|---|---|
| 7 | 11-12 July | Toronto, Canada | 09:00-17:30 | $1,495 USD (Sold Out) | $2,595 USD (Sold Out) |
| 8 | 22-23 August | Boston, Massachusetts, USA | 09:00-17:30 | $1,495 USD (Sold Out) | $2,595 USD (Sold Out) |
| 9 | 22-23 August | Boston, Massachusetts, USA (*Additional class added) | 09:00-17:30 | $1,495 USD | $2,595 USD |
| 10 | 25-26 August | Atlanta, Georgia, USA | 09:00-17:30 | $1,495 USD | $2,595 USD |
| 11 | 15-16 September | Scottsdale, Arizona, USA | 09:00-17:30 | $1,495 USD (Sold Out) | $2,595 USD (Sold Out) |
| 12 | 18-19 September | Scottsdale, Arizona, USA | 09:00-17:30 | $1,495 USD | $2,595 USD |
| 13 | 21-22 October | London, England | 09:00-17:30 | $2,250 USD | $3,595 USD |
| 14 | October | Brazil | 09:00-17:30 | TBD | $2,595 USD |

If a specific date or location is not listed, the PCI SSC is still in negotiations.  The exact details will be posted immediately upon completion of the negotiations.

*Please Note: plus any applicable VAT.
Please note that training fees have increased for some locations due to local area costs.

Space is limited for each training session. PCI SSC WILL NOT RELEASE the on-line Fundamentals log-on instructions for an employee until payment for that employee is received and confirmed.

Re-Qualification Requirements for ISA:
Please note that annual ISA Requalification Training will be held in CBT format.

English ISA Re-qualification fee: $995 USD

All training inquiries and assignments must be submitted through the ISA Sponsor Company's primary contact.

PCI SSC requires all training attendees to be full time employees of the Sponsor Company that they were initially hired by.

Attestation of information systems assessment training within the last 12 months to support professional certifications (even if the employee does not have professional certifications), of a minimum 20 Continuing Education (CE) hours per year and 120 Continuing Education (CE) hours over a rolling three year period. Training provided by PCI SSC will count towards the annual CE hours. Click here for information on activities that qualify for CE Hours.

All ISA Program training attendees will be required to sign and accept the terms of the PCI SSC ISA Employee Certification form at the time they begin the CBT training.

Payment of the training invoice must be received before login information will be created and sent to the primary contact.

Please specify which two-week session your employee(s) would like to be registered for, or they will automatically be registered for the two-week session prior to their expiration date.

All requests for re-qualification must be submitted at least two weeks prior to the certificate expiration date.

To register, please have your company’s primary contact email training@pcisecuritystandards.org

General Information Regarding Training

The only document you will be allowed to reference during the test is a translation dictionary if needed.

Training times may vary; check the schedule above for the exact time of each class. Both the on-line Fundamentals and Instructor-led classes end with a test being administered.

For NEW ISA in-person classes, it is strongly recommended that you schedule your flights to allow ample time to take the test and still meet your flight. Tests will not be administered early for any reason. The only materials you will need to bring are writing utensils for any notes you wish to take. No electronic devices can be used during the exam. THIS IS A CLOSED BOOK EXAM.

The exact location of each new ISA training session is sent to the Primary Contact only, and is sent once the training invoice has been paid and the on-line Fundamentals training exam has been passed.

PCI SSC does not negotiate or "block" room rates for any hotel location that may host a training session. All rooms are subject to the hotel rates.

Prior to attending either PCI training session it is strongly recommended you familiarize yourself with the following publications:

  • PCI Glossary
  • PCI DSS
  • PCI Self-Assessment Questionnaire (SAQ) and its accompanying FAQ
  • PCI DSS Assessment Procedures
  • The PCI website in general and any recent statements submitted in the News & Events section of the website.

All ISA employees must recertify every 12 months in order to continue as an ISA representative of their Sponsor Company. Attempting to recertify 30 days past the ISA's annual expiration date will require the ISA to attend NEW ISA training.

On-Line Fundamentals Course Description

The ISA program on-line Fundamentals Course is a four-hour CBT course that concludes with a 50-question multiple choice test. This portion of the training assures that all participants attending the Instructor-led section of the training have the same baseline understanding of the PCI SSC, the card data environment and the related terminology, along with the industry relationships within the credit card transaction flow.

Test Results: The Primary Contact at the Sponsor Company will be notified within seven business days after the ISA completes the on-line PCI Fundamentals training and exam. Employees who fail may retake the training and test two additional times at no cost.  If the employee(s) pass, the Sponsor Company will be sent a confirmation email that will include the Instructor-led training location and details.  

Instructor-led Course Description
The ISA training program is an in-depth two-day instructor-led course. The program is the next step for those ISA candidates who have successfully completed the PCI Fundamentals online course. This course builds on the knowledge gained in PCI Fundamentals and delves into the actual PCI DSS requirements and testing procedures. In addition, it addresses topics such as Report on Compliance (ROC) documentation, QA ROC review, and compensating controls, to name just a few. Also included are case studies that provide the ISA candidate with a simulation of assessment scenarios that may aid them in solving common problems found in their own environments. This course also concludes with a 60-question multiple choice exam.

Test Results: The Primary Contact at the Sponsor Company will be notified two weeks after the ISA attends and passes the Instructor-led PCI ISA training and test. Employees who fail this exam and wish to enroll in a second class will be required to pay the full costs for the chosen location. If the employee(s) pass, the Sponsor Company will be sent a certificate that validates the employee for the next 12 months.

Attendance during the entire two day PCI SSC NEW ISA training class is mandatory. Missing more than 30 minutes of the class will automatically be cause of forfeiture of the PCI SSC ISA exam and removal from the class.

Overview of the ISA training program:

  • What is PCI and what does it mean to companies that must meet compliance with the DSS? – An overview of the payment card industry, the terminology used within the industry, the flow of transaction data through the various components that make up the payment card industry, and the relationships between the various organizations in the process.
  • How the credit card brands differ in their validation and reporting requirements – Detailed coverage of the classifications and compliance requirements for merchants and service providers and details about the various card brands’ compliance programs.
  • PCI Data Security Standard (DSS) – An overview of the current DSS (version 2.0), the testing procedures for validating compliance, and what constitutes compliance with the requirements.
  • PCI Hardware and Communications Infrastructure – Generalized training on the current state of typical devices and connectivity used by organizations to accept payment cards and communicate with the verification and payment facilities.
  • PCI Reporting – An overview of the different types of reports that must be submitted to the card brands or their designated agents to demonstrate compliance (or non-compliance) of the organizations filing the reports.
  • Real world examples – An overview of compliance issues and mitigation strategies including defining compensating controls, creating policies and modifying the cardholder data environment.

If you have any further questions regarding the process for registering your employees for this training please contact the PCI Sponsor ISA Program Manager at isa@pcisecuritystandards.org


The PCI Security Standards Council (the "Council") offers various features, questionnaires, guidance, FAQs, training aids and other materials and information to support organizations in their efforts to meet the standards (the "Standards"). Third-party products and services are also available; however, the Council does not endorse or recommend such third-party products or services and advises all organizations, for compliance reasons, to familiarize themselves with the Standards and the corresponding requirements before purchasing third-party products or services. Regardless of whether and which third-party products are used, all applicable requirements must be met in order to achieve compliance.