Special Interest Groups

Special Interest Groups

Special Interest Groups (SIGs) are community-driven initiatives that play a key role in the development of resources for the payment card industry. Involvement in a SIG is a great way to provide your expertise to the PCI Council and help develop practical payment security resources for the industry.

Special Interest Group (SIG) Proposals FAQ

Participating Organizations (PO), Qualified Security Assessors (QSA), Approved Scanning Vendors (ASV), Qualified PIN Assessors (QPA), Card Production Security Assessors (CPSA), Software Security Framework (SSF) Assessors, Founding Members, Strategic Members, and Affiliate Members may propose a Special Interest Group during the proposal period.

If you have any questions about the SIG proposal process, please contact sigs@pcisecuritystandards.org.

Special Interest Group (SIG) initiatives focus on specific payment security technologies or challenges about which the PCI community wants to provide guidance. Recent SIG topics include: Guidance for Containers and Container Orchestration Tools Cloud ComputingBest Practices for Securing E-CommerceThird-Party Security AssuranceBest Practices for Maintaining PCI DSS ComplianceProtecting Telephone-based Payment Card Data, PCI DSS for Large Organizations and PCI DSS Scoping and Segmentation Guidance for Modern Network Architectures.

SIG initiatives may provide clarification on specific requirements within a PCI Security Standard, examine how PCI Security Standards work within a given industry or environment, or cover any other area that supports PCI SSC’s mission of raising awareness and increasing adoption of PCI Security Standards. Since the PCI SSC is focused on providing tools and resources to secure payment card data within the current payment system and must also operate within a strict anti-trust framework, a focus outside of the current payment system is beyond our scope and would not be an appropriate topic for a PCI SSC SIG.

SIG topics are chosen by the PCI SSC Participating Organizations, which represent merchants, financial institutions, vendors, associations, and payment processors. This ensures that the stakeholders involved in implementing and supporting the PCI Security Standards can select which SIG projects would be most beneficial to their needs.

SIG topics may be proposed during a defined submission period. At the close of the submission period, SIG proposals are consolidated, and presentations are prepared for Participating Organizations to review via the PCI portal. An election period is then initiated for Participating Organizations to vote on their preferred SIG topics. After voting is concluded, PCI SSC announces the results and works with the selected group to create a charter for the new SIG.

A PCI SSC representative will chair, lead and project manage SIG work. This collaboration allows SIG volunteers to focus on contributing subject matter expertise and developing content, without responsibility for logistical matters. This structure also ensures continued alignment between SIG contributions and PCI SSC direction.

While PCI SSC provides support and facilitates the SIG process, it is through active participation and contributions by stakeholders that make a SIG successful. Participating in the SIG process, whether submitting a proposal, voting for a proposal, or serving as a lead contributor to a SIG deliverable, is one of the best ways PCI stakeholders can take part in our mission to increase payment data security globally.