Cianaa Training

PCI DSS Training: Payment Card Security Compliance Courses

Build your team’s PCI DSS knowledge with instructor-led training covering the full PCI DSS v4.0 standard — from foundational awareness through to advanced implementation and QSA exam preparation.

PCI DSS v4.0
QSA-delivered
On-site, virtual, or public
QSA-delivered
Standard PCI DSS v4.0
12 Requirements
Across 6 control objectives
1–2
Network
3–4
Data Protection
5–6
Vuln Mgmt
7–9
Access Control
Aligned to PCI SSC v4.0 framework
QSAs as your trainers
Hands-on assessment experience
Trusted by compliance teams across ANZ
About This Course

PCI DSS Training from Cianaa

The Payment Card Industry Data Security Standard (PCI DSS) is the global standard for organisations that store, process, or transmit cardholder data. With PCI DSS v4.0 now in full effect, organisations and their teams need up-to-date knowledge to implement controls correctly, evidence compliance, and prepare for assessment.

Cianaa’s PCI DSS training is delivered by Qualified Security Assessors (QSAs) with hands-on assessment experience — not generic trainers reading from slides. Our courses cover the full PCI DSS v4.0 requirement set, practical implementation guidance, and real-world examples drawn from QSA practice.

Course highlights

  • Covers PCI DSS v4.0 — the current active standard
  • Delivered by practising Qualified Security Assessors (QSAs)
  • Suitable for awareness through to practitioner level
  • Customisable to your industry and card environment
  • Available as on-site, live virtual, or public cohort
  • CPE hours available for eligible certifications
  • Certificate of completion issued to all participants
Training Paths

Three training paths — for internal teams owning PCI DSS compliance.

Half-Day · Awareness

Foundation

  • PCI DSS v4.0 at a glance
  • Cardholder data lifecycle
  • Compliance roles & responsibilities
  • Why your team’s role matters
For: Any staff with CDE exposure
Format: Virtual or on-site
Enquire about Foundation
Custom · Internal Audit

Internal Audit

  • Conduct PCI DSS self-assessments
  • Common QSA findings to avoid
  • Evidence package structuring
  • Second-line review techniques
For: Internal Auditors, Compliance Mgrs
Format: Virtual / on-site
Enquire about Internal Audit
Course Modules

What This Training Covers

Our PCI DSS training modules cover the full PCI DSS v4.0 standard — from network security through to evidence gathering and assessment readiness.

PCI DSS v4.0 Overview

Structure of the standard, changes from v3.2.1, customised approach, and the compliance lifecycle.

Network Security (Req 1–2)

Network segmentation, firewall configuration, default credentials, and system hardening requirements.

Cardholder Data Protection (Req 3–4)

Data discovery, storage minimisation, encryption at rest and in transit, and key management.

Vulnerability Management (Req 5–6)

Anti-malware, patching, secure development, and vulnerability scanning requirements.

Access Control (Req 7–9)

Least privilege, MFA, user account management, and physical access controls.

Monitoring & Testing (Req 10–11)

Logging, SIEM, intrusion detection, penetration testing, and vulnerability scanning cadences.

Policy & Governance (Req 12)

Security policies, risk assessments, incident response, and third-party management requirements.

Scoping & Evidence Gathering

How to correctly define your CDE scope, reduce scope through segmentation, and gather audit-ready evidence.

Assessment Readiness

Common QSA findings, what assessors test, preparing your documentation, and managing the ROC process.

Delivery Options

How This Training Is Delivered

Cianaa offers flexible delivery options to suit your team’s schedule, size, and location.

On-Site Classroom

Instructor-led training delivered at your premises. Ideal for teams of 6+ who benefit from group discussion and hands-on exercises in a shared environment.

Live Virtual

Instructor-led sessions delivered online via video conference. Fully interactive with Q&A, breakout exercises, and real-time engagement with the trainer.

Public Scheduled Courses

Join a scheduled open cohort alongside participants from other organisations. Ideal for individuals or small teams who want to learn alongside peers from different sectors.

Who Should Attend

Who Is This Training For?

PCI DSS training is relevant for any team responsible for protecting cardholder data — from technical implementers to senior leadership.

IT Security & Infrastructure Teams

Staff responsible for implementing and maintaining the technical controls required by PCI DSS.

Compliance & Risk Managers

Professionals managing the organisation’s PCI DSS compliance programme and assessment cycle.

Software Developers

Development teams building or maintaining applications in the cardholder data environment.

Internal Auditors

Audit professionals assessing PCI DSS controls as part of internal audit or second-line review programmes.

C-Suite & Board

Executives seeking awareness-level understanding of PCI DSS obligations and risk exposure.

QSA Exam Candidates

Professionals studying for the PCI SSC QSA qualification who want structured exam preparation support.

FAQ

Frequently Asked Questions

Does this training cover PCI DSS v4.0?
Yes. All Cianaa PCI DSS training is based on PCI DSS v4.0, which became the only active version of the standard in March 2024. Content covers both the immediate requirements and the future-dated requirements that organisations must implement by March 2025.
Can the training be customised for our specific environment?
Yes. We offer customised private training sessions tailored to your specific card environment type (merchant, service provider, acquirer), industry sector, and the controls most relevant to your implementation. Contact us to discuss your requirements.
Is this course suitable for QSA exam preparation?
Our advanced PCI DSS practitioner courses provide strong foundational knowledge for QSA exam candidates. However, the PCI SSC QSA qualification requires attending official PCI SSC training. Our courses complement that preparation with practical assessment experience and real-world context.
How long is the course?
Course duration depends on the level selected. Awareness courses typically run half a day (3–4 hours). Practitioner-level courses covering all 12 requirements in depth run 1–2 days. We can also deliver focused modules on specific requirement areas in shorter sessions. Contact us for a recommendation.
Ready when you are

Build Your Team’s PCI DSS Knowledge

Enquire about PCI DSS training for your team — we’ll recommend the right course level and format for your compliance programme.

No obligation · ANZ-based team · Response within 1 business day

Other training your team might need

See all training →
ISO 27001

Information Security Management

Build a broader information security programme that supports PCI DSS compliance.

View course
ISO 27701

Privacy Information Management

Extend your data security programme to address privacy obligations alongside PCI DSS.

View course
All courses

Browse Cianaa Training

Explore Cianaa’s full training catalogue across cybersecurity, ISO standards, and compliance.

View all training