QSAs

Qualified Security Assessor (QSA) is a professional designation conferred by the PCI Security Standards Council (PCI SSC) to individuals who evaluate and validate an organization’s compliance with PCI Security Standards, most notably the PCI Data Security Standard (PCI DSS). QSAs are typically employed by PCI SSC-approved QSA companies or hired as independent contractors, and must meet PCI SSC requirements, including training and adherence to confidentiality and ethics guidelines.

QSAs perform on-site assessments to determine the scope of cardholder data environments, test security controls, interview personnel, and review policies and procedures. They gather evidence and produce a Report on Compliance (ROC) for merchants and service providers, along with an Attestation of Compliance (AOC) that states which PCI DSS requirements are satisfied. They may also assist with remediation planning and validation, and participate in ongoing assessments to maintain compliance.

To become a QSA, candidates join a PCI SSC-approved QSA company, complete the required PCI SSC training, pass competency assessments, and commit to ongoing education to stay current with new PCI DSS versions. QSAs must maintain independence and comply with PCI SSC codes of ethics and confidentiality obligations.

QSAs operate within the scope of PCI DSS, which covers people, processes, and technology that handle cardholder data. Regulatory or client requirements may mandate annual or periodic assessments, after which the ROC and AOC must be updated or renewed. The PCI SSC uses QSAs to administer uniform, globally recognized validation of cardholder data security.