Requirement 14: Assign PA-DSS responsibilities for personnel, and maintain training programs for personnel, customers, resellers, and integrators

Details about how requirement 14 and subrequirements 14.1, 14.2, and 14.3 are fulfilled.

Requirement 14.1

Provide training in information security and PA-DSS for vendor personnel with PA-DSS responsibility at least annually.

Training is provided at least annually for personnel with PA-DSS responsibilities.

Requirement 14.2

Assign roles and responsibilities to vendor personnel including the following:

  • Overall accountability for meeting all the requirements in PA-DSS.
  • Keeping up-to-date within any changes in the PCI SSC PA-DSS Program Guide.
  • Ensuring secure coding practices are followed.
  • Ensuring integrators/resellers receive training and supporting materials.
  • Ensuring all vendor personnel with PA-DSS responsibilities, including developers, receive training.

Roles for all responsibilities are assigned to IBM® Safer Payments team members. To obtain the list of all responsible persons, request it from your account manager.

Requirement 14.3

Develop and implement training and communication programs to ensure payment application resellers and integrators know how to implement the payment application and related systems and networks according to the PA-DSS Implementation Guide and in a PCI DSS compliant manner.

All staff who is involved in IBM Safer Payments implementation and support is educated regarding PCI DSS requirements and is supplied with training materials. The same applies to staff of our resellers and integrators, if they support IBM Safer Payments installations in scope of PCI DSS.

14.3.1 Review training materials at least annually and upon changes to the application or to PA-DSS requirements. Update the training materials as needed to keep the documentation current with new payment application versions and changes to PA-DSS requirements.

Training materials are reviewed/updated at least annually, and whenever a new software version is released.

To obtain the most current set of the training materials, request them from your account manager.