Investing more in PCI DSS staff training can improve compliance rates with the Standard

According to Information Security Magazine, a survey released by Gartner states that close to one-fifth of companies that should be compliant with the Payment Card Industry Data Security Standard (PCI DSS) are not. These daunting statistics show that there is clearly a need to highlight the importance of PCI DSS compliance to organisations.

Every organisation that stores, transmits or processes cardholder data must comply with the PCI DSS, which is enforced by the banks. However, many organisations are avoiding the compliance process, which they see as complex and stressful. This creates a high risk of fraud for the banks and their customers and, of course, of financial losses for the organisations responsible. Failure to comply with these requirements might result in heavy fines, restrictions, or even permanent expulsion from payment card acceptance programmes.

Alan Calder, CEO of IT Governance, says, 'Gartner's survey is not surprising given the numerous data breach incidents we witnessed in 2011. It is harder to understand the logic of the organisations that first wait for the damage to happen before undertaking any measures.'

'PCI DSS-compliance doesn't need to be hard,' Calder continues. 'There are many resources available that can make the process easier. Take for instance training. An introductory PCI training course will provide staff with a good overview of the PCI DSS requirements whilst enabling them to develop an efficient, cost-effective plan for meeting these requirements. Then, there are documentation toolkits that staff can use to save themselves time in developing all documents from scratch. All this together costs less than one day's consultancy.'

The PCI Foundation Training Course from IT Governance provides comprehensive and practical coverage of all aspects of implementing the PCI DSS. It explains the 12 key requirements of the PCI DSS and their multitude of mandatory sub-requirements, offers insight on how to effectively scope an organisation's cardholder data environment, and identifies areas which should be addressed as a matter of urgency.

The PCI DSS v2.0 Documentation Compliance Toolkit, on the other hand, provides all the documentation templates for all the mandatory PCI DSS policies, implementation guidelines and guidance on integrating with ISO 27001, the international standard for an information security management system.

Organisations can book delegates onto this course online. Course places can also be booked directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make bookings or purchases with a purchase order, either by telephone or by e-mail. We also welcome overseas delegates on all our courses and can provide guidance on travel and hotel arrangements.

- Ends -

Desi Aleksandrova Marketing Executive
+44 (0) 845 070 1750


IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at