Imagine for a moment…

⭐️ No more squabbling over scope.

⭐️ Smart ways to bust through misconceptions about the DSS, operational definitions in the PCI space and the disconnect between the DSS and the proof required to assess controls as “in place.”

⭐️ No more churn with submitting the right evidence based on frequency requirements.

Sounds like PCI bliss, right?

Imagine everyone in your organization speaking the same PCI Compliance language…

I remember what it was like working for a large Level 1 merchant and Fortune 100 Company. To say the organization had a fragmented and disjointed understanding of PCI DSS is an understatement.

When I came on board, interpretations of the PCI DSS varied wildly. For example:

  • The lead application developer insisted that call center agents inputting credit card data into the system were not in scope or part of the payment process. From the developer’s perspective, only the application did the “processing” of the credit card data.

In fact, 13 call centers, 3,000 people, 3,000 laptops, and a number of key processes were completely left out of scope based on this erroneous definition of “processing.” 

Not only did this interpretation error cost the organization tens of thousands of assessment dollars, but it also caused a huge delay in delivering that year’s PCI Report on Compliance.

It doesn’t have to be this way.  

What if you could get your entire organization on the same PCI page?

How awesome would that be?

What would that look like for your organization?

When your PCI ISA or compliance manager kicks off a Report on Compliance, does everyone involved understand their roles and responsibilities?

Do system administrators understand why the servers they manage are in scope? And are they collecting evidence based on requirement frequencies?

How comfortable are your technology subject matter experts when it comes to being interviewed by the QSA?

When your staff operates from PCA’s PCI Compliance Essentials playbook:

  • You’ll have a well-oiled PCI Compliance machine operating at peak performance.
  • You’ll impress the socks off your QSA and acquirer.
  • Your industry peers and colleagues will want what you’ve achieved with your PCI Compliance program.

Doesn’t this sound amazing? 

PCI Compliance Essentials is the one course NO ONE is teaching except Payment Card Assessments

People are spending thousands of dollars on PCI Compliance training. 

We could easily market this course for $2,000, $3,000, or even $5,000 per person. But we’re not.


At Payment Card Assessments we stand firm that what we do and what we teach is AFFORDABLE, ACTIONABLE, and ACHIEVABLE.

$995 for a live workshop spread out over 5 days sounds so much better, right?

We’re dropping serious nuggets of wisdom to help organizations get everyone from system administrators, incident response handlers, billing, C-level executives and everyone else who has a piece of the PCI pie ON THE SAME PAGE and speaking THE SAME LANGUAGE.

But wait, it gets even better.

Here's What You Can Expect in PCI Compliance Essentials for Everyone In Your Organization:

Module 1: What is PCI DSS?

In this module we cover the history of PCI, how it came about, why it’s important, and the critical roles and certifications in the PCI space.

We’ll break down the life cycle of a credit card transaction and the function of issuers, card brands, and acquirers.

We’ll also explore the myths and misconceptions that continue to plague PCI Compliance across the merchant landscape.

Module 2: Understanding PCI Scope (Without Losing Your Mind)

This module is a deep dive into the biggest aspect of PCI Compliance that most organizations get wrong. You’ll come away with a firm grasp on the age-old question, “what’s in scope?” and you’ll have the ability to complete an end-to-end scope assessment of your cardholder data environment.

This is where the rubber hits the road. If you don’t have an accurate scope before you have your QSA begin assessing your cardholder data environment, in the wise words of Winnie-the-Pooh, “all you’ll have left is just a mess without a clue.”

We’re going to teach you how to get this right AND continuously maintain your scope so you don’t drop the PCI ball.

Module 2 includes some nitty gritty BONUS Material. Class participants will receive The Ultimate PCI Scope Assessment Guide. This is your step by step guide with our proven 6 simple steps to maintain an accurate scope.

Module 3: Decrypting PCI DSS Requirements.

Next to scope, every PCI stakeholder in your organization needs to have the same foundational knowledge of the requirements, testing procedures, frequencies, requirement dependencies, and yes, the evidence required for controls to be assessed as “In Place.”

We’re diving into the guts of the PCI DSS, supplemental guidance material, and the not so secret Reporting Instructions. 

Be prepared for a lot of a-ha moments.

Kudos to Peggy Nolan and Lisa Cressey for their remarkable expertise in the PCI DSS realm, brilliantly showcased in the Payment Card Assessments website's PCI Training & Resource Center.

Module 4: Delivering a Successful Report on Compliance.

While primarily geared to PCI ISAs or your compliance teams, all PCI stakeholders are critical to getting the annual Report on Compliance (or self-assessment) completed and submitted to the acquirer on time and on budget. This module includes practical tips and guidance on how to plan, execute, and deliver a successful Report on Compliance.

Module 4 includes BONUS Material. Class participants will receive PCA’s Report on Compliance Planner and Guide which will take you through your next RoC every step of the way.

Module 5: How to Implement Continuous PCI Compliance With a Sustainability Framework that REALLY Works.

Implementing Continuous PCI Compliance is the name of the game. Especially with the release of PCI DSS v4.0.

If you’re a Level 1 merchant still operating with a “check box” or “fire drill” approach, this module is your golden ticket to fast track the maturity of your PCI DSS Compliance program.

After completing this module, you’ll have the strategies and structure on how to build a Continuous PCI Compliance program. You’ll be able to lift your program out of chaos and check box mode to a more mature program that’s not only sustainable but rock solid.

Who This Course Is For

  • Are you at your wits’ end, pulling your hair out, and spending sleepless nights all because of PCI Compliance? Then this course is for you.
  • Are you a CIO or CISO who’s just been voluntold to take on your organization’s PCI Compliance program? Then this course is for you.
  • If you’re a sys admin, developer, SOC analyst, incident response handler and you want to improve your area of PCI responsibility, this course is for you.
  • Maybe you’re a brand new PCI ISA and you don’t know which end is up. This course is definitely for you.
  • Cybersecurity professionals, IT security project managers, direct and mid-level managers, yep…this course is for you, too.

PCI Compliance Essentials is Not For Everyone

If your organization is already operating at a Continuous PCI Compliance level and you’ve already achieved what so many organizations have yet to attain, obviously, this course isn’t for you or your organization.

However, share this post with your colleagues. 

After all, a rising tide lifts all boats.

PCI Compliance Essentials Schedule

All classes are LIVE via Zoom.

Course schedule: (All times EASTERN standard time)

Module 1: Monday, October 2, 2023 5:30-7:30pm EST

Module 2: Thursday, October 5, 2023 5:30-7:30pm EST

Module 3: Thursday, October 12, 2023 5:30-7:30pm EST

Module 4: Monday, October 16, 2023 5:30-7:30pm EST

Module 5: Thursday, October 19, 2023 5:30-7:30pm EST

Ready to Enroll?

Remember how I mentioned we want this course AFFORDABLE? 

At $995 you get all the wisdom from Peggy and Lisa who ran a world class Continuous PCI Compliance program at a Level 1 merchant for 10 years. 

We decided to offer this course for $795. 

That’s right. $795.

However, to get this amazing offer you need to sign up by September 28, 2023.

PCI Compliance Essentials is loaded with practical strategies that won’t cost you an arm and a leg to implement.

Oh, and one more thing…

There are only 15 spots available.

We hope to see you in October!

05 Mar 2022

Seven Reasons Why Merchants Need A PCI DSS Sustainability Program

Let’s be real for a second – the report on compliance is mandatory for all level 1 merchants and any merchant regardless of level that is required to provide a report on compliance by either their acquirer or card brand. Most level 1 merchants fall out of compliance shortly after the ink is dry on their most recent report. Why? Because they don’t have a sustainability program. The RoC is treated like a bad surprise every year and that creates wasted effort, lost money, and burned out staff.
