PCI DSS Implementation Training Course

Provided by

Enquire about this course

SKU: 4178

  • Train with the experts and gain the skills to lead and manage a PCI DSS (Payment Card Industry Data Security Standard) v4.0 implementation project.
  • Industry-leading course developed by our team of PCI QSAs (Qualified Security Assessors).
  • Learn from anywhere with our Live Online course that allows you to study your way, keeping travel and costs to a minimum. Find out more .
  • Successful completion of this three-day course and included exam awards the PCI DSS Implementation (PCI IM) qualification and 21 CPD/CPE points.
  • If you need the skills to lead the implementation of the previous iteration of the PCI DSS, v3.2.1, please see our Self-paced online course.

  • Training course outline

    Version 4.0 of the PCI DSS was published on 31 March 2022 to meet the evolving cyber security needs of the payments industry, promote security as a continuous process and enable organisations to use different methods to achieve their security objectives.

    To provide organisations with the time to implement the more complex requirements of version 4.0, the current PCI DSS v3.2.1 will remain active for two years until it is retired on 31 March 2024. If you require the skills to lead and manage a PCI DSS v3.2.1 implementation project, please purchase our Self-paced online course .

    The PCI DSS Implementation Training Course delivers the knowledge and skills needed to implement the technical and business controls required to meet the 12 requirements of PCI DSS v4.0.

    By taking this course, you will:

  • Get an understanding of the principles and application of PCI DSS scoping;
  • Gain in-depth knowledge of the 12 PCI DSS requirements;
  • Acquire the skills to apply the requirements to your organisation;
  • Find out how to create a PCI DSS implementation readiness programme for SAQ (self-assessment questionnaire) or external audit; and
  • Receive practical advice from an experienced PCI DSS consultant.

  • COVID-19: remote delivery options

    We would like to reassure our clients that all training courses will go ahead as scheduled during the current COVID-19 situation. As a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow you to learn from anywhere. Our Classroom / Live Online delivery option enables you to attend either in person or online. Please also refer to our COVID-19 policy.

    PCI DSS Implementation Training Course benefits

    Deliver PCI DSS compliance

    Understand and implement the technical and business controls needed to meet the 12 requirements of PCI DSS v4.0.

    Designed by experts

    Designed by QSAs with an auditor’s perspective on PCI DSS scoping, scope reduction, gap analysis and remediation.

    Delivered by professionals

    Taught by a PCI DSS consultant with extensive experience of helping organisations of all sizes achieve PCI DSS compliance.

    Learn from anywhere

    Choose to attend our Live Online course or in person at our training venue in Ely.

    See what our previous learners think about this course


    of delegates passed first time


    were happy with the pace of the course


    found the course content to meet their expectations


    agreed the course content was relevant

    “Kamala made it engaging and relevant, kept us moving. Really good course and enjoyed every minute. Kamala was excellent.”

    - Shaun Rathbone

    “Kamala is very knowledgeable, professional and has the right attitude for teaching and instructing. Awesome trainer!”

    - Felix Marcos Pelegrino, Head of IT, Paul UK Ltd

    Who should attend this course?

    This course is designed for individuals responsible for implementing all or part of the technical and business requirements of the Standard, for example:

  • Information security managers
  • Security engineers
  • IT directors
  • PCI DSS project managers

  • This course is also suitable for consultants seeking to provide PCI implementation advice to their respective client organisations.

    Your Learning Path

    Find out how the PCI DSS Implementation Training Course will help you start or enhance your knowledge and career.

    This course is an essential component of the following learning path:

  • Information Security roles

  • ×

    Why choose IT Governance for your training needs?

  • We’re a QSA (Qualified Security Assessor) – we’re approved by the PCI SCC (Security Standards Council), which means we regularly audit PCI compliance across a wide range of organisations.
  • Trained by industry experts – our trainers are working consultants with years of practical, hands-on experience.
  • Pass first time or train again for free – we have trained more than 28,000 people and we’re confident you’ll pass with us first time. If you don’t, we’ll train you again for free.*
  • Learn from anywhere – as a company that fully embraces flexible and remote working, we have adjusted our delivery methods to allow you to learn from anywhere. Our Classroom / Live Online delivery option enables you to attend either in person or online.
  • Access your training anywhere – all our course materials are provided as a digital copy, allowing you to access them anywhere and at any time. Documents will be made available 20 days before your course.
  • Business solutions to suit you – whether you’re a multinational wanting us to manage all your training needs or a small business wishing to boost your workforce skills, we offer a range of training solutions.

  • * Terms and conditions apply

    Course details

    What does this course cover?

    Day 1

  • Applying PCI DSS scoping techniques to a given environment.
  • Defining and identifying the relationship between each of the 12 PCI DSS requirements and an organisation.
  • Installing and maintaining network security controls.
  • How to apply secure configurations to all system components using tools and sites.
  • Methods of storing cardholder data and assurance to confirm data locations.
  • Methods of encryption and cryptography for the transmission of cardholder data across open, public networks.
  • Selecting antivirus solutions for traditional and organisational settings.

  • Day 2

  • The OWASP (Open Web Application Security Project) Top 10 and identifying updates to the risk register.
  • Managing access to cardholder data by users with different job roles.
  • Identifying user accounts and implementing MFA (multifactor authentication) where required.
  • Constructing a merchant premises that restricts physical access and includes locks, RFID, CCTV, PED storage and PED checks.
  • Analysing and reviewing logs in the event viewer to identify access to network resources.
  • Determining appropriate testing methods such as penetration testing, vulnerability scanning, ASV scanning and segmentation testing.

  • Day 3

  • How to maintain an information security policy for all users.
  • Understanding the option of using a customised approach.
  • How to carry out a risk analysis.
  • PCI DSS implementation readiness preparation and exercise.
  • Summary and exam preparation.

  • What’s included in this course?

  • Full course materials (digital copy provided as a PDF file).
  • The PCI DSS Implementation exam.
  • A certificate of attendance.

  • What equipment do I need?

    You will need a laptop and webcam for the duration of your course and exam.

    Course duration and times

    Day 1: 9:30 am – 5:00 pm
    Day 2: 9:30 am – 5:00 pm
    Day 3: 9:30 am – 5:00 pm

    Are there any prerequisites for this course?

    There are no formal entry requirements for this course. We will, however, assume that participants have a foundational knowledge of PCI DSS v4.0 along with the technical vocabulary to understand systems, technology and processes described by the Standard. We strongly recommend taking the PCI DSS Foundation Training Course before starting this course.

    Is there any recommended reading?

    We recommend that all participants read the PCI DSS , available to download for free from the PCI Security Standards Council website.

    Exams and qualifications

    PCI DSS Implementation exam

    Candidates take the PCI DSS Implementation (PCI IM) exam set by IBITGQ ( International Board for IT Governance Qualifications ). There is no extra charge for this exam.

  • Delivery method: Online
  • Duration: 90 minutes
  • Questions: 40
  • Format: Multiple choice
  • Pass mark: 65%

  • This course is equivalent to:


    CPD points

    What qualifications will I receive?

    PCI DSS Implementation (PCI IM).


    This course is accredited by IBITGQ (International Board for IT Governance Qualifications).

    IBITGQ (International Board for IT Governance Qualifications) is a personnel certification body that certifies individuals in the field of IT governance.

    IBITGQ is accredited to the ISO/IEC 17024:2012 standard ( Conformity assessment – General requirements for bodies operating certification of persons ) by IAS (International Accreditation Service). ISO 17024 is a global, industry-recognised benchmark, and qualifications accredited to this standard are recognised and highly valued by employers throughout the world.

    You can demonstrate your professional and practical knowledge and expertise by registering your qualification on the IBITGQ/ GASQ successful candidate register .

    How will I receive my exam results and certificates?

  • Provisional exam results will be available immediately on completion of the exam. Confirmed exam results will be issued within ten working days from the date of the exam.
  • Certificates for those who have achieved a passing grade will be issued within ten working days from the date of the exam.
  • Results notifications and certificates are sent directly to candidates by the relevant exam board in electronic format; please note that hard copy exam certificates are not issued.

  • Do I need proof of identity to take the exam?

    Delegates must bring a form of photographic ID with them as the invigilator my request to check it prior to the exam.

    Can exams be retaken?

    Yes, you can retake the exam at an extra cost if you are unsuccessful on the first attempt. You can email us to schedule the retest for the exam.

    Ways to learn

    Learn from anywhere with our range of instructor-led courses

    Wherever you are in the world, you can now attend an IT Governance online course, and get the full benefit of a classroom session.

    To make your life as easy as possible, we offer 3 ways to attend an instructor-led course:


    Our instructor-led courses are hosted at professional training centres located in major cities across the UK.

    Learn more

    Live Online

    Our instructor-led Live Online courses are hosted and delivered live by one of our expert trainers.

    Learn more

    Learn from anywhere

    Our instructor-led Classroom / Live Online courses give you the fl


    Start date Location / delivery
    28 Jun 2023 United Kingdom Book now

    Related article

    Ready to elevate your career development and give yourself the skills to succeed in computer science?