PCI DSS Training: Payment Card Security Compliance Courses
Build your team’s PCI DSS knowledge with instructor-led training covering the full PCI DSS v4.0 standard — from foundational awareness through to advanced implementation and QSA exam preparation.
PCI DSS Training from Cianaa
The Payment Card Industry Data Security Standard (PCI DSS) is the global standard for organisations that store, process, or transmit cardholder data. With PCI DSS v4.0 now in full effect, organisations and their teams need up-to-date knowledge to implement controls correctly, evidence compliance, and prepare for assessment.
Cianaa’s PCI DSS training is delivered by Qualified Security Assessors (QSAs) with hands-on assessment experience — not generic trainers reading from slides. Our courses cover the full PCI DSS v4.0 requirement set, practical implementation guidance, and real-world examples drawn from QSA practice.
Course highlights
- Covers PCI DSS v4.0 — the current active standard
- Delivered by practising Qualified Security Assessors (QSAs)
- Suitable for awareness through to practitioner level
- Customisable to your industry and card environment
- Available as on-site, live virtual, or public cohort
- CPE hours available for eligible certifications
- Certificate of completion issued to all participants
Three training paths — for internal teams owning PCI DSS compliance.
Foundation
- PCI DSS v4.0 at a glance
- Cardholder data lifecycle
- Compliance roles & responsibilities
- Why your team’s role matters
Practitioner
- All 12 requirements in depth
- Scoping & segmentation strategies
- Evidence gathering & ROC readiness
- Customised approach decisions
Internal Audit
- Conduct PCI DSS self-assessments
- Common QSA findings to avoid
- Evidence package structuring
- Second-line review techniques
What This Training Covers
Our PCI DSS training modules cover the full PCI DSS v4.0 standard — from network security through to evidence gathering and assessment readiness.
PCI DSS v4.0 Overview
Structure of the standard, changes from v3.2.1, customised approach, and the compliance lifecycle.
Network Security (Req 1–2)
Network segmentation, firewall configuration, default credentials, and system hardening requirements.
Cardholder Data Protection (Req 3–4)
Data discovery, storage minimisation, encryption at rest and in transit, and key management.
Vulnerability Management (Req 5–6)
Anti-malware, patching, secure development, and vulnerability scanning requirements.
Access Control (Req 7–9)
Least privilege, MFA, user account management, and physical access controls.
Monitoring & Testing (Req 10–11)
Logging, SIEM, intrusion detection, penetration testing, and vulnerability scanning cadences.
Policy & Governance (Req 12)
Security policies, risk assessments, incident response, and third-party management requirements.
Scoping & Evidence Gathering
How to correctly define your CDE scope, reduce scope through segmentation, and gather audit-ready evidence.
Assessment Readiness
Common QSA findings, what assessors test, preparing your documentation, and managing the ROC process.
How This Training Is Delivered
Cianaa offers flexible delivery options to suit your team’s schedule, size, and location.
On-Site Classroom
Instructor-led training delivered at your premises. Ideal for teams of 6+ who benefit from group discussion and hands-on exercises in a shared environment.
Live Virtual
Instructor-led sessions delivered online via video conference. Fully interactive with Q&A, breakout exercises, and real-time engagement with the trainer.
Public Scheduled Courses
Join a scheduled open cohort alongside participants from other organisations. Ideal for individuals or small teams who want to learn alongside peers from different sectors.
Who Is This Training For?
PCI DSS training is relevant for any team responsible for protecting cardholder data — from technical implementers to senior leadership.
IT Security & Infrastructure Teams
Staff responsible for implementing and maintaining the technical controls required by PCI DSS.
Compliance & Risk Managers
Professionals managing the organisation’s PCI DSS compliance programme and assessment cycle.
Software Developers
Development teams building or maintaining applications in the cardholder data environment.
Internal Auditors
Audit professionals assessing PCI DSS controls as part of internal audit or second-line review programmes.
C-Suite & Board
Executives seeking awareness-level understanding of PCI DSS obligations and risk exposure.
QSA Exam Candidates
Professionals studying for the PCI SSC QSA qualification who want structured exam preparation support.
Frequently Asked Questions
Does this training cover PCI DSS v4.0?
Can the training be customised for our specific environment?
Is this course suitable for QSA exam preparation?
How long is the course?
Build Your Team’s PCI DSS Knowledge
Enquire about PCI DSS training for your team — we’ll recommend the right course level and format for your compliance programme.
Other training your team might need
See all training →Information Security Management
Build a broader information security programme that supports PCI DSS compliance.
View coursePrivacy Information Management
Extend your data security programme to address privacy obligations alongside PCI DSS.
View courseBrowse Cianaa Training
Explore Cianaa’s full training catalogue across cybersecurity, ISO standards, and compliance.
View all training