Tamaño del texto Aumentar el tamaño de la letraDisminuir el tamaño de la letraRestablecer el tamaño de la letra

Become a Qualified Security Assessor (QSA)

Introduction

The PCI Security Standards Council operates an in-depth program for security companies seeking to become Qualified Security Assessors (QSAs), and to be re-certified each year. The five founding members of the Council recognize the QSAs certified by the PCI Security Standards Council as being qualified to assess compliance to the PCI DSS standard.

Because the quality of PCI DSS validation assessments can have a tremendous impact on the consistent and proper application of security measures and controls, the PCI Security Standards Council's QSA qualification requirements are exacting and detailed, involving both the security companies and their individual employees. The time elapsed from application submission to a new QSA being listed on the PCI Security Standards Council Web site is estimated at three months.

The high-level qualification requirements are as follows. Prospective QSA companies must:

The Process of Becoming a QSA

Step 1 - Application
The security company must first submit the required documentation, including certifications, business license, insurance certificates and the registration fee, which is credited against the initial enrollment fee if the firm becomes qualified. Please see the Validation Requirements for Qualified Security Assessors (QSAs) v 1.2. Submit your attestation to the requirements to:

PCI Security Standards Council - QSA Program
401 Edgewater Place, Suite 600
Wakefield, MA 01880

The Council will review these materials, and will communicate with the security company to address any issues or lack of information. When the materials are complete, the prospective Qualified Security Assessor Company (QSAC) will be invited to schedule training for its employees.

Step 2 - Training
All individuals who will be involved in assessing security for the company's clients must undergo and pass the Council's QSA training course and receive official certification. Individual fees apply. A Council representative will schedule training for the prospective QSA's employees, and the company will be notified whether they pass or fail the test at the end of the course. For more information regarding QSA training, please click here.

Step 3 - Enrollment
When the enrollment fee balance has been received by the PCI Security Standards Council, the security company will receive a Letter of Acceptance from the Council, and each of its employees who has passed the training course will receive a Certificate of Qualification. The new QSA firm will be listed on the Council Web site, the employees will be added to the Council's database of certified personnel, and the company may now perform audits for its clients.

To ensure that security audits are carried out at the highest levels of quality and professionalism, the PCI Security Standards Council encourages the payment brands and other entities to submit audit Quality Feedback Forms, which will be evaluated by the Council's Technical Working Group. If a QSA is judged to be deficient in its audit efforts, the Council will engage in dialog to recommend measures for improvement. If improvement is not deemed sufficient, the result could be disqualification for the QSA and removal from the Website list.


Volver al principio

El PCI Security Standards Council (el "Concejo") proporciona una serie de herramientas, cuestionarios, orientación, preguntas frecuentes, recursos de capacitación y otros materiales e información para prestar asistencia a organizaciones que buscan el cumplimiento de sus normas (las "Normas"). También hay productos y servicios de terceros disponibles, pero el Concejo no respalda ni recomienda tales productos o servicios de terceros, y recomienda a todas las organizaciones que buscan el cumplimiento de las Normas familiarizarse con las mismas y sus requisitos relacionados antes de adquirir productos o servicios de terceros. En última instancia, se deben cumplir todos los requisitos aplicables a fin de lograr el cumplimiento, independientemente de si se utilizan productos o servicios de terceros o de cuáles sean.
Powered By OneLink