IT Governance Makes PCI DSS Simple With New E-Learning Course

Press Releases - 2nd August 2010

Ely, England, 2 August 2010 – IT Governance (ITG), the one-stop shop for compliance expertise, is taking the pain out of complying with the Payment Card Industry Data Security Standard (PCI DSS) with a unique new e-learning course.

Fighting fraud and identity theft, the PCI DSS exists to protect the personal data of payment cardholders. ITG’s new course provides clear and simple explanations of what companies and individual employees must do to meet the requirements of the current version (1.2) of the Standard.

Alan Calder, Chief Executive of IT Governance, says: ‘Any organisation that processes, transmits or stores payment card data must comply with the PCI DSS, which includes companies that provide merchants with commerce-related services such as web hosting. And an essential element of that compliance is the fact that every single member of staff who handles cardholder data must receive regular PCI DSS training.

‘Failure to comply with these requirements will result in heavy fines, restrictions, or even permanent expulsion from payment card acceptance programmes. More importantly, in the end, failure to meet your security obligations leaves you vulnerable to a data breach. And if you let your customers down in that way, the consequences for your business could be terminal.

‘The most cost-effective way to avoid that kind of crisis, and ensure regular, company-wide PCI DSS staff training, is through e-learning.’

Staff can conveniently take the PCI DSS course at their desks or, indeed, from the comfort of their own homes, by accessing the ITG learning management system website – effectively an online training centre. Having completed the 40-minute course, staff members take a 20-question multiple-choice test. If they pass, a printable certificate is awarded.

Calder continues: ‘E-learning brings many user benefits but, in the current economic climate, you have to particularly highlight the cost savings compared to conventional face-to-face training methods. There is no need to pay for an instructor, or to hire a meeting room. Furthermore, the travel, accommodation and subsistence costs associated with sending staff to off-site training do not apply. And, by minimising the time staff spend away from their desks when training, e-learning brings a business direct efficiency gains.

‘Another benefit of e-learning,’ Calder explains, ‘is that the process automatically retains records of which staff have completed the course, so the employer can easily monitor the compliance status of the company.’

Calder continues: ‘The theft of credit card details through the hacking of insecure e-commerce websites is sadly on the increase at a frightening rate. The PCI DSS is a key weapon in the battle against the cybercriminals, and staff training is one of the specific PCI DSS requirements. Our new e-learning course offers the simplest, quickest, most economical and most convenient means possible for a company’s employees to learn how to comply.’

ITG’s new e-learning course for the PCI DSS is on sale now at:, priced at £45 (US$67.16/€49.49) for a one-year subscription. Discounts are available for companies with six or more staff to train.

Furthermore, for a company needing to train 51 or more members of staff, the course can be customised. Any business buying this customised package, again available at a discounted price, will be able to include the firm’s own policies, procedures and in-house look and feel into the e-learning, as well as any relevant, company-specific information. The core customisation is built into the pricing from the outset, and the flexible pricing model ensures companies can add or remove users, in line with staff changes, without incurring additional fees. ITG can also train clients in how best to administer the customised course.

ITG’s new e-learning course is just one of the company’s expanding range of PCI DSS compliance support products. Indeed, the course contains policy statements from ITG’s best-selling PCI DSS v1.2 Documentation Compliance Toolkit, and is therefore an ideal addition for any company already using the toolkit.

ITG is also launching the Complete PCI Wizard and E-Commerce Compliance Package, which includes one year’s worth of approved scanning vendor (ASV) scans for a single web address. The package is ideal for small merchants, with relatively simple e-commerce set-ups, who need online support to evaluate their PCI compliance requirements and complete a self-assessment questionnaire (SAQ).

The Complete PCI Wizard and E-Commerce Compliance Package is available for £200 (US$298.47/€219.97) at:

Calder says: ‘This package is aimed at the many small merchants who need to be PCI DSS-compliant, but cannot afford to spend a large amount of money on the process.

‘Of course, customers can also buy PCI Wizard as a stand-alone product, just as they can buy ASV scanning services from us separately too.’

Further strengthening the company’s PCI DSS offering, ITG has cut the price of the PCI Compliance and Support Contract for the Smaller Business by more than £200, to just £1,995 (US$2,977.28/€2,194.16).

Calder comments: ‘This product is perfect for a small business with a reasonably complex e-commerce set-up, needing help and support beyond completing an SAQ.’

He concludes: ‘PCI DSS is a single, global standard, so all of our PCI packages can be delivered anywhere in the world.’