Upgrade to PCI DSS v4.0 with peace of mind

Organizations that store, transmit or handle bankcard data all have a growing stake in the security of this data, and this is all the more true with the publication of the European regulation on the protection of personal data (GDPR). Faced with the risks of fraud, the PCI Council has developed standards aimed at protecting bankcard data.
This one-day express training course is here to explain everything you need to know about developments relating to PCI DSS v4.0, so that you can best prepare your organization and drive the necessary changes under the best possible conditions.

Course overview

  • The PCI DSS standard in brief
  • Presentation of the changes from PCI DSS v3.2.1 to v4.0
  • Understanding the impact on your organization
  • Preparing for the necessary changes

Course Curriculum

Morning: Understanding the changes in v4.0

  • What is PCI DSS?
  • Review of the different versions of the PCI DSS standard
  • Why a new version of the standard? What are the major issues?
  • Key dates in the lifecycle of v3.2.1 & v4.0 standards
  • Presentation of the nature of the changes made
  • Presentation of PCI DSS standard evolutions
    • “Defined Approach” vs. “Customized Approach”
    • Requirements that are mandatory immediately for v4.0 audits
    • Requirements that become mandatory later (best practices before 03/31/2025)
  • What about compensating controls in v4.0?
  • What about SAQs in v4.0?

Afternoon: Preparing for change

Understanding the impact on your organization

  • New requirements applicable to all entities
  • New requirements applicable only to service providers

Preparing for change within my organization

  • Requirements with a technical impact
  • Requirements with an organizational impact
  • Requirements with a contractual impact
  • Requirements with an impact on personnel

How to best use the “Customized Approach”

  • Risks associated with this approach
  • Obligations relating to this approach
  • Almond’s recommendations on how to use this approach successfully

Method of Assessment

Validate your knowledge in a fun way with case studies and quizzes

Training benefits

This course is based on alternating theoretical and practical sessions:

  • An express one-day format
  • Benefit from the wealth of experience of our QSA trainers

Who should attend?

  • Directors, CISOs, CIOs, CFOs, buyers, lawyers, human resources managers…
  • PCI DSS project managers, security correspondents, auditors, technical architects, operators…

Entry Requirements

  • Organization already in PCI DSS RUN phase for v3.2.1 standard
  • Organization currently undergoing v3.2.1 certification
  • Organization in the PCI DSS BUILD phase for the v3.2.1 standard

How and when to access

The participant is considered registered when:

  • The prerequisites and needs are identified and validated
  • The training agreement is signed

Registration requests can be sent up to 10 working days before the start of the training.

Accessibility

Whether you are recognized as having a disability or not, making our training accessible to everyone is part of our commitment.

If you need accommodations or adaptations to the content, the course materials, the venue, the equipment used, the schedule or the pace, we are at your disposal.

To go further

This training course is a preparation for the following training course:

Duration

1 day (7 hours)

Price

€ 1000 excl. tax

Financing

OPCO support

Would you like more information?

+33 (0)2 55 59 01 11
