PCI DSS version 3.1 Workshop



2-Day Training, 25-26 June 2015 - Sarajevo, Bosnia and Herzegovina

"Any entity that processes Visa card data is required to comply with PCI DSS - this includes banks / companies.

Measures taken against banks/companies that do not comply are confidential - but can include both fines and in extreme situations disconnection!"

In a quest to further promote and develop the payment industry and its security in the Balkan region, NetHost Legislation UK, in cooperation with Consalta Sarajevo, has designed a high-level training on Payment Card Industry Data Security Standard (PCI DSS) implementation and certification for interested parties in the financial and payment industry in Bosnia and Herzegovina.


PCI DSS, the result of the convergence of the respective security standards of Visa, MasterCard, American Express and other payment brands, is here to stay! More so, Visa and MasterCard are beginning to issue fines to institutions that process, store or transmit payment data but lack compliance. The fact is that PCI DSS impacts all companies that process, store or transmit payment card information.

This A-Z training on PCI DSS is based on the PCI Internal Security Assessor (ISA) methodology, and attendees are equipped with knowledge comparable to that of an ISA. As a result, attendees are able to maintain and facilitate PCI DSS implementation within their organisation. It is a two-day intensive training with an exam on the last day. Attendees should have an ICT, audit/control or project management background.


The PCI QSA training program is rich in knowledge and techniques and includes:

  • PCI Industry Overview – In-depth coverage of the payment card industry, the terminology used to describe its key aspects, the flow of data through the various payment card mechanisms and the relationships between the various actors in the process.
  • What is PCI and what does it mean to companies that must meet compliance with the DSS? – An overview of the payment card industry, the terminology used within the industry, the flow of transaction data through the various components that make up the payment card industry, and the relationships between the various organizations in the process.
  • How the credit card brands differ in their validation and reporting requirements? – Detailed coverage of the classifications and compliance requirements for merchants and service providers and details about the various card brands’ compliance programs.
  • Roles and Responsibilities – Descriptions of the key actors in the compliance process including high-level overviews of the Qualified Security Assessor (QSA), Internal Security Assessor (ISA), Payment Application Qualified Security Assessor (PA-QSA) and Approved Scanning Vendor (ASV) programs.
  • PCI Data Security Standard (DSS) – An overview of the current DSS (version 3.1), the testing procedures for validating compliance, and what constitutes compliance with the requirements.
  • PCI Hardware and Communications Infrastructure – Generalized overview of the types of devices used by organizations to accept payment cards and communicate with the verification and payment facilities.
  • PCI Reporting – An overview of the different types of reports that must be submitted to the card brands or their designated agents to demonstrate compliance (or non-compliance) of the organizations filing the reports.
  • Real world examples – An overview of compliance issues and mitigation strategies including defining compensating controls, creating policies and modifying the cardholder data environment.
  • PCI Thresholds and Brand Specific Requirements – Detailed coverage of the classifications and compliance requirements for merchants, service providers and vendors and the various specific requirements imposed by the various card brands.
  • PCI Data Security Standard (DSS) – In-depth training on every aspect of the current DSS, including the requirements, the reasoning behind them and what constitutes compliance with each requirement.
  • PCI Code Review and Analysis – In-depth training on executing code reviews and locating non-PCI-compliant constructs and procedures in applications that implement payment card processing systems.
  • PCI Hardware and Communications Infrastructure – In-depth training on the current state of typical devices and connectivity used by organizations to accept payment cards and communicate with the verification and payment facilities.
  • PCI Reporting – In-depth training on constructing and filing the necessary compliance reports and techniques for communicating results to those being audited.


PCI Security Council objectives and documentation

  • Specific terminology and its application to existing situations
  • How the Standard applies to everyone involved with cardholder information
  • How the implementation of the Standard is validated, dependent on levels of activity
  • Cardholder data that can/cannot be held
  • The relevance of different system components
  • Detailed requirements of the Standard
  • How compliance is assessed and whether compensating controls are acceptable
  • Compilation of the Report on Compliance (ROC)
  • Special considerations for hosting providers
  • An action plan to achieve compliance


  • Gain an understanding of the importance of the Standard to all organisations using, processing or transmitting credit card data
  • An appreciation of the controls necessary to be able to continue dealing with cardholder data
  • The history of the PCI DSS standard
  • Key principles and requirements of the standard
  • Compliance with the standard - who does it relate to & at what level?
  • The route to compliance - self assessment & audit
  • Preparing an implementation plan

The above training programme is facilitated by a PCI DSS Qualified Security Assessor (QSA) company based in the United Kingdom. Furthermore, the facilitator, Dr. Abiola, is a QSA with many years' experience in the information security compliance industry. This is an opportunity to be trained by a seasoned professional QSA and security practitioner, and to get answers to ALL your PCI DSS challenges.


Training Agenda / Sessions


  • Open book
  • 20 questions – essay
  • Duration – 1 hour 30 minutes
  • Certificates will be issued for an exam grade over 69% ONLY
  • All certificates will be emailed


On successful completion of the programme you will be awarded an International Certificate issued by NetHost Legislation (UK) Ltd.


  • Card issuers and processors
  • Top and middle management from the banking and financial system
  • Heads of Operations
  • Heads of Internal and External Audit
  • Compliance Managers
  • Compliance Officers
  • Head of IT & Security
  • Staff from the Operations, Compliance, IT & Security, and Internal and External Audit Departments


Attendees must be able to complete the reading and written aspects of the programme in English.


Mahir Boloban

Phone: +387 61 034-268
B. Mutevelića 67, 71000 Sarajevo, B&H