Entities that store, transmit or process cardholder data face ever-increasing security requirements. The stakes are even higher since the publication of the European General Data Protection Regulation (GDPR). To fight the risk of fraud, the PCI Council develops and maintains standards to protect cardholder data.

This one-day express training course explains all the changes related to PCI DSS v4.0 so that you can prepare your organization for the necessary changes in the best way.

Distance learning training


  • The PCI DSS standard in brief
  • Presentation of the changes in the PCI DSS standard from v3.2.1 to v4.0
  • Understanding the impact on your organization
  • Prepare to lead the necessary changes

Course Curriculum

Understanding the changes in v4.0


  • Reminder of what PCI DSS is
  • Reminder of the different versions of the PCI DSS standard
  • Why a new version of the standard? What are the major challenges?
  • Key dates to remember in the life cycle of the v3.2.1 and v4.0 standards
  • Presentation of the nature of the changes made
  • Presentation of the changes in the PCI DSS standard
    • “Defined Approach” vs. “Customized Approach”
    • Requirements that are immediately mandatory for v4.0 audits
    • Requirements that become mandatory later (best practices before 03/31/2025)
  • What about compensating controls in v4.0?
  • What about SAQs in v4.0?

Preparing for change


  • Understanding the impact on your organization
    • New requirements applicable to all entities
    • New requirements applicable only to service providers
  • Preparing for change in my organization
    • Requirements with a technical impact
    • Requirements with an organizational impact
    • Requirements with a contractual impact
    • Requirements impacting your staff
  • Using the Customized Approach Well
    • The risks associated with this approach
    • The obligations related to this approach
    • Almond’s recommendations for using this approach


  • Validate your knowledge in a fun way through case studies and quizzes

The +

  • This training alternates between theory and practice:
    • A 1-day express format
    • The rich experience of our QSA trainers

Who should attend?

  • Directors, CISOs, Chief Information Officers, Financial Directors, Buyers, Lawyers, Human Resources Directors…
  • PCI DSS Project Managers, Security Correspondents, Auditors, Technical Architects, Production Operators…


  • Organization already either in PCI DSS RUN or BUILD phase for PCI DSS v3.2.1
  • Organization in the process of certification to the v3.2.1 standard

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 5 working days before the start of the training.


Whether or not you are recognized as having a disability, making our training accessible to everyone is part of our commitment. If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.


1 day (7 h)



+ OPCO support
