PCI Security Standards Council®

Special Interest Groups

Special Interest Groups (SIGs) are community-driven initiatives that focus on payment security challenges related to PCI Security Standards.

PCI DSS for Large Organizations as 2019 SIG Topic

PCI SSC Participating Organizations voted to select PCI DSS for Large Organizations as the focus of the 2019 Special Interest Group (SIG). This SIG will consider ways of structuring PCI DSS assessments for large organizations, any internal impacts, and approaches to manage and coordinate assessments.

Involvement in Special Interest Groups is a great way to provide your expertise to the PCI Council and develop practical payment security resources for the industry.

The new group will commence in March and the deliverables are expected to be published at the end of 2019.

If you are a Participating Organization, QSA, ASV or Affiliate Member, and would like to join this SIG, please click the ‘Register’ button below and complete the interest form.

Register Here

2019 Special Interest Group (SIG) Proposals FAQ

Who can form a SIG? How can I propose one?

Any Participating Organization (PO), Qualified Security Assessor (QSA), Approved Scanning Vendor (ASV), and PCI Council Member* are invited to propose a Special Interest Group during an open proposal period that runs between 15 August and 12 September 2018. At the close of the submission period on 12 September, the PCI SSC will review and consolidate proposals, and SIG candidates will provide presentations for Participating Organization review via the PO portal.

* PCI Council Members is defined as PCI SSC Staff, Payment Brands, Affiliate Members or Strategic Members.

How will SIGs be chosen?

SIGs will be chosen directly by Participating Organizations during a formal election period. This is designed to ensure that those stakeholders involved in implementing and supporting the PCI Security Standards have the opportunity to choose projects most beneficial to their needs.

At the close of the submission period on 12 September, the PCI SSC will review and consolidate proposals, and SIG candidates will provide presentations for Participating Organization review via the PO portal. Once these presentations are made available, Participating Organizations will be able to select and prioritize at least two and maximum of three SIG proposals using a voting tool on the PO portal. The PCI SSC will share results in January 2019 and work with the selected groups to create charters prior to the commencement of the new SIG(s).

What are some of the areas that SIGs have covered in the past? What topics are appropriate for SIG projects?

Special Interest Group (SIG) initiatives focus on specific payment security challenges that the PCI community wants guidance on addressing. Recent SIG topics include: Cloud Computing, Best Practices for Safe E-Commerce, Effective Daily Log Monitoring and Third-Party Security Assurance.

SIG work may provide clarification on specific requirements within a PCI Standard, examine how PCI Standards work within any given industry or environment, or any other area that supports the Council's mission of raising awareness and increasing adoption of PCI Standards. Since the PCI SSC is focused on providing tools and resources to secure payment card data within the current payment system, and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG project.

Who will lead the SIGs?

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration will free SIG volunteers to focus on contributing subject matter expertise, without responsibility for logistical matters. This also ensures greater alignment between SIG volunteer contributions and PCI SSC direction.



2018 Project: Best Practices for Maintaining PCI DSS Compliance

The Best Practices for Maintaining PCI DSS Compliance was published on 29 January 2019

2018 Project: Protecting Telephone-based Payment Card Data

The Protecting Telephone-based Payment Card Data was published on 27 November 2018

2017 Project: PCI SSC Cloud Computing Guidelines

The PCI SSC Cloud Computing Guidelines was published on 4 April 2018

2016 Project: Best Practices for Safe E-Commerce

The Best Practices for Securing E-commerce guidance document was published on 31 January 2017

Our website uses both essential and non-essential cookies to analyze use of our products and services. This agreement applies to non-essential cookies only. By accepting, you are agreeing to third parties receiving information about your usage and activities. If you choose to decline this agreement, we will continue to use essential cookies for the operation of the website. View Policy

Powered By OneLink