We now offer Payment Card Industry (PCI) Security Awareness Training
We were recently asked if we provide Payment Card Industry (PCI) Security Awareness Training. In response to this request, we are excited to announce Healthcare Compliance Pros has launched our Payment Card Industry (PCI) Security Awareness Training module and we created a PCI DSS Requirement Checklist that has been uploaded to our Forms section.
A brief history
Ten years ago American Express, Discover, MasterCard, Visa, and JCB formed the Payment Card Industry Security Standards Council (PCI SSC) as a private regulatory body to facilitate the development of a standard to act as a common set of minimum security requirements to be implemented by all merchants and service providers that handle sensitive credit card data.
In 2005, the PCI Data Security Standard regulations went into effect.
Why PCI Security Awareness Training?
According to the PCI Security Standards Council security awareness and training materials may be developed in-house, adapted from a professional organization's work, or purchased from a vendor.
- PCI training and security awareness training is a mandatory requirement for any business or organization that accepts credit cards or processes cardholder information.
- Under PCI-DSS 12.6 your organization must implement a formal security awareness program to make all personnel aware of the importance of cardholder data security.
A strong security policy sets the tone for security affecting an organization's entire company, and it informs employees of their expected duties related to security. All employees should be aware of the sensitivity of cardholder data and their responsibilities for protecting it.
How often should PCI Security Awareness Training be completed?
According to the PCI Security Standards Council, security awareness should be conducted as an on-going program to ensure that training and knowledge is not just delivered as an annual activity, rather it is used to maintain a high level of security awareness on a daily basis. Establishing a minimum awareness level for all personnel can be the base of the security awareness program. Security awareness may be delivered in many ways, including formal training, computer-based training, e-mails and circulars, memos, notices, bulletins, posters, etc. The security awareness program should be delivered in a way that fits the overall culture of the organization and has the most impact to personnel.
- Under PCI-DSS 12.6.1 organizations that accept or process credit -/- payment cards must educate personnel upon hire and at least annually thereafter. PCI-DSS-12.6.1.b requires verification that employees have attended awareness training upon hire and at least annually thereafter.
- PCI-DSS 12.6.2 requires personnel to acknowledge, at least annually, that they have read and understood the security policy and procedures.
How we can help
Instead of your organization needing to spend time creating a PCI Security Awareness Training or investing in an expensive training from a vendor, we have created an affordable course for you. This course is available in our Course Library and can be previewed. To help your organization meet the PCI DSS requirements, we have also created a PCI DSS Requirement Checklist that you may download from our Forms section. In addition to PCI Security Awareness Training, many of your organization's security policies and procedures are contained in the HIPAA Security training module. Training on these policies and procedures is an essential part of your organization's security awareness. Each course provides quizzes that test understanding of security policies and procedures, and a certificate of completion that acknowledges they have read and received security awareness training. Finally, our Compliance Insider newsletter is constantly updated with important and ongoing articles that discuss security awareness – all of which helps to ensure your organization is in compliance with PCI Security Standards.
If you would like more information about our PCI Security Awareness Training please feel free to comment below, or send us an email at [email protected] , or reach us by phone toll-free at 855-427-0427.