Training in the Standards PCI DSS and PA DSS

This course consists of four modules, ranging from an introduction to the standards of the PCI SSC (PCI Security Standards Council) to a thorough understanding of each requirement of the key PCI standards: PCI DSS and PA DSS.

Thanks to the experience accumulated since 2007 in cardholder data security implementation and audit projects, as well as in the management and analysis of incidents, Internet Security Auditors offers training at the highest level, and in Spanish.

Who should attend?

  • Personnel of merchants where electronic or in-person payment is made who manage cardholder data and the related systems, security, communications, applications and development.
  • Personnel of Service Providers related to the treatment, storage or transmission of cardholder data.
  • Personnel of the Audit, Security, Technology, Systems, etc. departments of companies affected by the standards.

Requirements

Knowledge of card payment processes, IT security knowledge or experience in the development of systems and software.

Contents

The contents of each of the four modules, which can be combined, are:

  • MODULE 1: Introduction
    • Standards (PCI DSS, PA, PTS):
      • Changes to PCI DSS and PA DSS Version 2.
        PCI Standards: PTS PCI (PCI PED), PA DSS, PCI DSS.
    • What are the standards?
    • Who does each apply to?
    • How do they interrelate?
    • Approvals of auditors: QSA, PA-QSA and ASV.
    • Merchants, Service Providers and Acquirers:
      • Classification of companies by the card brands.
      • Responsibilities of each affected.
      • Security programs of VISA and Mastercard.
    • EMV, SNCP and PCI DSS
    • PCI DSS Requirements Analysis:
      • Requirements Analysis 1-12.
    • PA DSS requirements analysis:
      • Requirements Analysis 1-14.

  • MODULE 2: Payment Card Industry Data Security Standard (PCI DSS)
    • Addressing an implementation of PCI DSS
      • Identification of processes:
        • Transmit, process and store.
        • Identification of people and IT.
      • PCI SSC prioritized approach:
        • Creation of the Plan of Action.
        • Importance of prioritization of projects.
      • Project Zero: reducing the scope of PCI DSS.
      • Segregation of the environment:
        • What is and is not valid for segmentation, and why?
        • The importance of need-to-know to reduce the environment.
        • Encryption and masking.
      • Routine tasks to fulfill:
        • Vulnerability scans, intrusion tests, etc.
        • Everything else.
      • Compensating controls.
      • Alignment of the regulatory framework.
      • Securing Information Systems.
    • Reporting compliance with PCI DSS: SAQ or audit
      • SAQ, Self Assessment Questionnaire:
        • How to choose the appropriate SAQ?
        • How to properly fill out the questionnaire?
        • Common mistakes when filling in the SAQ.
      • Audit by a QSA:
        • Requirements for the QSA.
        • Audit procedure.
        • Main problems in passing an audit.
    • Maintaining the PCI DSS certification
      • How do I keep the PCI DSS certification?
      • Internal tasks.
      • External tasks.

  • MODULE 3: Payment Application Data Security Standard (PA DSS)
    • PA-DSS implemented in the development process:
      • What is considered Payment Application?
      • What applications are affected by PA DSS?
      • PA DSS requirements.
      • Development environments.
      • Good development practices.
      • What can and cannot payment applications do?
      • Implementation Guide for payment applications.
    • Passing the PA-DSS audit process:
      • Audit Procedure.
      • Validation of the Implementation Guide.
      • Validation of laboratory tests.
      • Main problems in passing an audit.
    • Maintaining the PA DSS certification:
      • How do I keep the PA DSS certification?
      • Major changes.
      • Minor changes.

  • MODULE 4: Incidents
    • Management and response in case of cardholder data related incidents:
      • Mandatory procedures of the card brands.
      • Qualified Incident Response Assessor (QIRA) / Qualified Forensic Investigator (QFI).
      • Cost of an incident.

Duration

The duration of each module is:

  • Module 1 (Introduction): 4 hours
  • Module 2 (PCI DSS): 12 hours
  • Module 3 (PA DSS): 12 hours
  • Module 4 (Incidents): 8 hours

Dates

For the Barcelona session, the dates are as follows:

  • Module 1 Session A (Introduction): March 5th, 2012.
  • Module 1 Session B (Introduction): March 12th, 2012.
  • Module 2 (PCI DSS): March 5th to 6th, 2012.
  • Module 3 (PA DSS): March 12th to 13th, 2012.
  • Module 4 (Incidents): March 7th, 2012.

Trainers

The course trainers are members of the Consulting Department who hold the QSA or PA-QSA certification, or both, and have experience in implementing and auditing the standards.

At the end of each module there will be a test to validate that the training has been assimilated.
The course and materials will be in Spanish.

Venue

Barcelona | IL3-UB (Institute for Lifelong Learning) | C. Ciutat de Granada, 131 | Metro Glòries.

Cost

The costs of each module and of the module combinations are as follows (regular registration / early registration):

  • Module 1 (Introduction), 4 hours: 225 € / 200 €
  • Module 2 (PCI DSS), 12 hours: 825 € / 800 €
  • Module 3 (PA DSS), 12 hours: 625 € / 600 €
  • Module 4 (Incidents), 8 hours: 425 € / 400 €
  • Modules 1+2, 16 hours: 1.000 € / 950 €
  • Modules 1+3, 16 hours: 800 € / 760 €
  • Modules 1+2+3, 28 hours: 1.600 € / 1.440 €
  • Modules 1+2+4, 24 hours: 1.400 € / 1.260 €
  • Modules 1+3+4, 24 hours: 1.200 € / 1.080 €
  • Modules 1+2+3+4, 40 hours: 2.000 € / 1.750 €

Discounts for Service Providers, Merchants and Financial Institutions, Acquirers or Payment Application vendors affected by compliance of PCI DSS or PA DSS.

The cost includes:

  • Coffee break.
  • Materials of the course.
  • Printed copies of the latest Spanish versions of the PCI DSS and/or PA DSS standards.
  • Exam for each module (in Spanish).

Registration

The registration deadlines and early registration dates for each course are, respectively, as follows:

  • Module 1 Session A (Introduction): January 27th, 2012 | February 24th, 2012.
  • Module 1 Session B (Introduction): February 3rd, 2012 | March 2nd, 2012.
  • Module 2 (PCI DSS): January 27th, 2012 | February 24th, 2012.
  • Module 3 (PA DSS): February 3rd, 2012 | March 2nd, 2012.
  • Module 4 (Incidents): February 3rd, 2012 | March 2nd, 2012.

More information and registration by telephone at +34 93 305 13 18 or by e-mail