PCI DSS includes technical and operational requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures to prevent payment card fraud, hacking and various other security vulnerabilities and threats.
The standards apply to all organizations that store, process or transmit cardholder data (CHD) and/or sensitive authentication data (SAD), or that could impact the security of the CHD and/or SAD. Pursuant to PCI DSS requirement 12.6, security awareness education is ongoing. All personnel who utilize or support the processing of payment cards must have completed “Protecting Brown’s Information” security training and PCI DSS training prior to receiving access to system components that could impact the security of cardholder data. PCI DSS training is required on an annual basis.