Keeping up with the dynamic PCI DSS standard is hard. With recent increases in contactless sales and e-commerce threats along with the anticipated PCI DSS v4.0 release, could you use some guidance on how to optimize your resources for this significant change to your security strategy?

Join us at The Treasury Institute for Higher Education's PCI DSS Virtual Workshop 2021 to get user scenarios and a reasonable security framework to best prepare you for PCI compliance in the year ahead.

REAL-WORLD EXAMPLES – Tuesday, June 15, 2021 | 10:30-11am EDT

What Litigators and Regulators have taught a QSA about PCI Compliance and Reasonable Security

A PCI DSS compliance validation does not stop litigators and regulators from suing you after a breach. To reduce the impact of a breach, organizations have to be able to show lawyers that they were using reasonable security.

Attendees will learn:

  • What lawyers ask to see after a breach
  • How the checkbox approach hurts you after the breach
  • How to protect yourself and others


Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor | Principal Consultant, Governance and Compliance Services


REASONABLE SECURITY – Wednesday, June 16, 2021 | 2:45-3:15pm EDT

DoCRA (Duty of Care Risk Assessment) for PCI DSS: What you should do to prepare

With PCI DSS 4.0 moving towards a risk-based approach, organizations will have to adapt their frameworks. The Duty of Care Risk Assessment (DoCRA) showcases how you can achieve both reasonable security and PCI DSS compliance. By balancing mission, objectives, and obligations, companies can streamline their risk strategies based on their specific work environment. The duty of care approach helps prioritize controls and budget while meeting the needs of all interested parties: card holders, regulators, litigators, the business, and the public.

Attendees will learn how to:

  • Conduct your risk assessments so you are ready for PCI DSS 4.0
  • Estimate the likelihood of risks
  • Prepare and respond to regulatory investigations and plaintiffs’ lawsuits


  • Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor | Principal Consultant, Governance and Compliance Services
  • Chris Cronin, ISO 27001 Auditor | Partner, Governance and Compliance Services


REAL-TIME DISCUSSION – Thursday, June 17, 2021 | 10-10:30am EDT

Live Q&A or discussion on PCI DSS 4.0 and Duty of Care Risk Assessment

A recap of our first two sessions and a live discussion of attendees' questions.


  • Viviana Wesley, CISM, PCI QSA, ISO 27001 Auditor | Principal Consultant, Governance and Compliance Services
  • Chris Cronin, ISO 27001 Auditor | Partner, Governance and Compliance Services


The workshop explores the unique PCI compliance challenges facing Higher Education institutions and how institutions can achieve and maintain compliance. It is geared toward business, financial, or IT managers responsible for PCI DSS.

The PCI DSS Virtual Workshop 2021 will focus on preparing for PCI DSS v4.0 and will introduce new sessions about other current and upcoming payment methods.