|
The PCI Security Standards Council, also referred to as PCI SSC, has launched on the 10th of March 2011 the PCI ASV Training program for improving the quality of the ASV (Approved Scanning Vendor) services for merchants and other service providers using cardholder information.
The objective of PCI ASV Training
The main goal is to improve the quality of the ASV scanning services and also to increase the consistency of these services. In this way, the validation process and evaluation of the PCI DSS requirements will be more accurate and it will be in everybody’s interest: the major credit card brands, the merchants and the customers.
After passing this PCI ASV training the merchants and service provider can be confident that the ASV representatives have the necessary experience to evaluate, assess and report the scan results by using the right equipment and skills. The ASV representatives will be better trained when dealing with different situations and trained to better serve their customers in order to ensure accuracy and consistency of the scan results.
PCI ASV Training- Syllabus
This training is appropriate and suitable for all the staff and security personnel of ASV companies and focuses on three main areas of interest:
PCI (Payment Card Industry)
PCI DSS requirements (Payment Card Industry Data Security Standards): Overview, Payment Industry Terminology, PCI compliance validation, PCI requirements and process,
ASV scanning procedures and testing techniques: General requirements for scanning, assessment and reporting
The PCI ASV Training concludes with an exam and is the attendee passes the exam the ASV company will be awarded a certificate to validate the employee in the next 12 months. In addition, the ASV employee will also be included in the list of PCI DSS according to each ASV company.
Additional requirements
In order to pass the PCI ASV training, there are a set of validation requirements and finally an exam. One of these validation requirements involves, starting with the 1st of June 2011, training for at least 2 employees from each ASV company by means of this PCI ASV training program. In this way, it will make sure that the ASV staff from each company is properly trained and has the right knowledge to assess and provide reports related to the integrity of gathering cardholder data and information.
The ASVs assist merchants in their efforts to achieve PCI compliance, thus these representatives must be equipped with the right knowledge and techniques of PCI compliance. There are more than 130 ASVs listed on the website of PCI SSC. However, the validation requirements for all ASVs have been updated in 2011 and include the PCI ASV Training for their employees and representatives. This is why this training is so important.
After completing this training, the qualified staff of each ASV company will be under the supervision of PCI SCC and declared as “Qualified ASV Employee” so that all merchants can be aware of highly-trained and efficient ASV staff.
The PCI ASV final exam
After following the online courses included in the PCI ASV training, an exam must be sustained. It included questions regarding the PCI DSS requirements, ASV procedures and techniques and allows testing the key competences related to evaluation and reporting related to PCI compliance requirements.
The Course Schedule of PCI ASV Training
The training includes an intensive eight-hour online course which is divided into two-week block which are held twice a month during the period of 1st-14th respectively the 15th-28th The first session will take places between March 15th -1st of April, followed by 1st of April – 15th of April and on son. This involves ongoing courses available online.
The ASV companies that fulfill the validation requirements before the 1st of June 2011, will have to qualify at least 2 employees from the company by means of the PCI ASV Training. The other ASV companies will have to qualify at least 2 employees of the company by means of the PCI ASV Training prior to their validation renewal.
All in all, the PCI ASV training will enable ASV staff and employees dealing with security operations to improve their skills and knowledge as well as methods used in the assessment, evaluation and reporting of scanning results related to PCI compliance. In addition, the merchants will be able to deal only with experienced and certified ASV representatives. The costs involved in this training will be definitely worth it on the long run since more quality and efficiency will result from the work of certified ASV employees.
|
