PCI Point-to-Point Encryption (P2PE)™ Assessor Qualification

The Point-to-Point Encryption Assessor (P2PE Assessor) and Point-to-Point Encryption Application Assessor (P2PE Application Assessor) training programs prepare candidates to perform validation of Point-to-Point Encryption solutions and applications against the latest standard in order for those solutions and applications to be listed on the PCI Security Standards Council website. This course provides a foundation of understanding each of the comprehensive requirements included in the Point-to-Point Encryption Standard. Depending on prerequisites, candidates may earn P2PE Assessor qualification and/or P2PE Application Assessor qualification.

Course Highlights

The training program is comprised of either an eLearning course and one-day remote instructor-led training class with exam through Pearson Vue, or an intensive two-day instructor-led course and exam.

The training program covers the Point-to-Point Encryption requirements, sub-requirements and associated testing procedures in depth, along with cryptography, key management techniques, and solution-specific assessment techniques. Candidates will learn how to:

  • Build, test and deploy solutions that provide the tools necessary for PCI Data Security Standard compliance 
  • Evaluate Point-to-Point Encryption solutions on behalf of the applicable Solution Providers and submit them directly to the PCI Security Standards Council for review and acceptance
  • Assess in-depth information about all domains included in the Point-to-Point Encryption Standard 
  • Test and assess Point-to-Point Encryption solutions
  • Prepare basic cryptography, key management techniques, and solution specific assessment techniques 

In addition, candidates for P2PE Application Assessor will learn how to:

  • Evaluate Point-to-Point Encryption Applications
  • Complete the P2PE P-ROV and P2PE AOV documentation that are required for submission of completed assessments
  • Submit the P2PE P-ROV and P2PE AOV documentation on behalf of the Solution Providers and Application Vendors

Right for You?

You are a current Qualified Security Assessor or Qualified PIN Assessor interested in performing assessments of third-party Point-to-Point Encryption applications and solutions. Typical job titles include: IT Security Auditor, Payment System Security, Auditor & Information Risk Consultant, Security Consultant.

Digital Badging

When you become a Point-to-Point Encryption Assessor, display your digital badge and represent your skills and gives you a way to share your abilities online in a way that is simple, trusted and can be easily verified in real time.

Schedule

  • 9 Jan 2023

    09:00-17:30 EST

    Remote

  • 6 Apr 2023

    09:00-17:30 EDT

    Remote

Remote classes are a combination of eLearning and a live webinar.

training-become-qsa-company-2

Become a P2PE Assessor when you take this class and become qualified.

Prices

Course Price

New P2PE Training (P2PE Assessor and P2PE Application Assessor)

USD 3,300

Requalification P2PE (P2PE Assessor and P2PE Application Assessor) Training

USD 3,300

Knowledge Training Non-PO *

USD 1,500

Knowledge Training PO *

USD 1,200

Please note: Unless otherwise specified the training and exam will be delivered in English.

Price does not include any applicable VAT/HST/GST which will appear on your invoice.

* Knowledge training does not lead to assessor status.

training-extra

Your organization must be a QSA company to register candidates for P2PE training.

How to Prepare for the Exam

Prior to attending the assessor training session it is strongly recommended you familiarize yourself with the following publications:
  • PCI DSS Requirements and Security Assessment Procedures
  • PCI PIN Transaction Security (PTS) Point of Interaction (POI) – Modular Security Requirements
  • PCI Hardware Security Module (HSM) Security Requirements
  • PCI PIN Transaction Security (PTS) Device Testing and Program Approval Guide
  • PCI DSS Glossary of Terms, Abbreviations, and Acronyms
  • PCI DSS QSA Qualification Requirements – Supplement for Point-to-Point Encryption Security Assessors

The following documents must be reviewed in advance of the course:

  • P2PE Standard
  • P2PE Glossary
training-doc-library-3

Visit our document library for access to all P2PE documentation.

Exam Information

Candidates will participate in a two day class. Application candidates will be required to attend an additional session on Domain 2 and take a second exam. Candidates must pass both examinations to become approved Application assessors.

Instructor-led

P2PE Assessor training is a two-day intensive instructor-led course providing:

  • In-person engagement and collaboration as well as networking opportunities
  • Ability to focus on curriculum in classroom setting
  • Learn directly from an expert PCI SSC trainer with hands-on experience assessing merchants and/or service providers

Attendance during the entire two day course is mandatory. Missing more than 30 minutes of the class will automatically result in forfeiture of the PCI SSC P2PE exam and removal from the class.

Taking the exam – The certification exam is given immediately following the instructor-led course. The only document you will be allowed to reference during the testing is a translation dictionary, if needed.  No electronic devices may be used during the exam. This is a closed book exam. The exam consists of 75 multiple choice questions and you will have 90 minutes to complete it. 

*P2PE Application Assessor candidates will also be required to complete an additional exam specifically covering assessment of P2PE applications.

The Primary Contact at the P2PE Assessor Company will be notified of results within two weeks after the candidate attends the instructor-led PCI P2PE Assessor training and exam. Employees who do not meet the minimum passing score set by the PCI SSC may retake New P2PE training and exam, upon registration and payment of a new invoice. For each attendee that passes the exam, the P2PE Assessor Company will receive a certificate that validates the employee for the next 12 months.

Registration Process

In order to attend a P2PE training class, your company must already be a validated P2PE Assessor and/or P2PE Application Assessor Company and you must be a full time employee. Please see the P2PE Qualification Requirements for more details.

All training requirements must be submitted by the P2PE Assessor or P2PE Application Assessor Company Assigned Primary Contact through the PCI SSC’s Secure P2PE Portal. To receive access to the Portal, the Primary Contact must email the PCI P2PE Program Manager at: p2pe@pcisecuritystandards.org.

All candidates must apply to the program and be approved by the PCI Council to participate. Other requirements include:

  • Must be a Qualified Security Assessor or Qualified PIN Assessor
  • Must be employed by a QSA or QPA, and, if applicable, Secure Software Assessor Company that meets the requirements for a P2PE Assessor Company (or P2PE Application Assessor Company, as applicable)
  • Must have completed two PCI Data Security Standard assessments
  • Must have in-depth knowledge of cryptographic and key management techniques

Requalification Requirements

In order to maintain the high standards set for this certification, all P2PE employees must re-certify every 12 months in order to continue as a P2PE Assessor or P2PE Application Assessor.

All training inquiries and assignments must be submitted through the P2PE Company’s primary contact. PCI SSC requires all training attendees to be full time employees of the P2PE Company that they were initially hired by.

*Note: Payment of the training invoice must be received before login information will be sent to the candidate.

Continuing Professional Education (CPE) Hours

New P2PE Assessor training is granted 16 CPE hours. Requal P2PE Assessor is granted 4 CPE hours and requal P2PE Application Assessor is granted 1 CPE hour.

The P2PE training is the most technically complex training, specifically surrounding encryption. It was very helpful to thoroughly understand what we as P2PE Assessors are required to test.