PCI Security Standards Council®

Internal Security Assessor (ISA)™ Qualification

The Internal Security Assessor program teaches you how to perform internal assessments for your company and recommend solutions to remediate issues related to PCI DSS compliance. Assessors are sponsored by their companies, so when you receive this qualification you will be able to act as a liaison with external PCI auditors and manage interactions with a Qualified Security Assessor (QSA).


Benefits of the course include:

Right for you if…

You are an experienced internal auditor, or an internal security or risk assessment professional at a retailer, institution, acquiring bank or processor.

Course Details

Course Description

Internal Security Assessor (ISA) training is a two-part program. The first part is a seven-hour prerequisite course and exam on PCI Fundamentals. It is followed by an in-depth course (available in either instructor-led or online eLearning format) and exam.

Part 1 - PCI Fundamentals

PCI Fundamentals assures that all candidates attending the ISA training course have the same baseline understanding. The PCI Fundamentals course must be completed within thirty days of initial access and a minimum of one week prior to the start of an on-site training class. This prerequisite course covers:

  • Understanding the Payment Card Industry Security Standards Council and its role
  • Defining the processes involved in card processing
  • PCI roles and responsibilities
  • Understanding cardholder data
  • Defining network segmentation
  • PCI DSS assessments

Part 2 - ISA Qualification

Candidates who successfully complete the prerequisite PCI Fundamentals course may move on to the ISA qualification course. This course builds on the knowledge gained in PCI Fundamentals and delves into the actual PCI DSS requirements, testing procedures, compliance reports and more. The Internal Security Assessor course covers:

  • What is PCI and what does it mean to companies that must meet compliance with the DSS?
    • Industry overview
    • Terminology
    • Transaction data flow
    • Relationships between various organizations in the process
  • How the credit card brands differ in their validation and reporting requirements
  • PCI Data Security Standard (DSS)
    • Overview of each requirement
    • Testing procedures
    • What constitutes compliance
  • PCI Hardware and Communications Infrastructure
  • PCI Reporting
  • Overview of compliance issues and mitigation strategies
  • Compensating controls
  • Creating policies
  • Modifying the cardholder data environment

The instructor-led course includes case studies providing a simulation of assessment scenarios that may help you in solving common problems within your own payment environment.

How to Prepare

Prior to beginning the PCI Fundamentals training, you should familiarize yourself with these publications on the PCI website:

  • PCI Glossary
  • PCI DSS
  • PCI DSS Self-Assessment Questionnaire (SAQ)

Training and Exam

PCI Fundamentals

The online prerequisite course concludes with a 50-question multiple-choice exam. Once the candidate has completed the PCI Fundamentals training and exam, the Primary Contact will be notified of either a passing or failing grade. If the candidate fails the exam, he or she will be allowed two additional attempts to take and pass it without being charged an additional fee.

Depending on which format the candidate is registered for, the following will transpire:

Instructor-led
Once the candidate passes the exam, the candidate's seat will be confirmed for training and a confirmation email will be sent to the Primary Contact with complete location details. As an ISA candidate, your seat is not confirmed until your Primary Contact receives a confirmation email.

eLearning
Once the candidate passes the exam, the candidate will receive a link to the online training course.

Instructor-Led ISA Qualification Course

This two-day classroom instruction provides:

  • In-person engagement and collaboration as well as networking opportunities
  • Ability to focus on curriculum in classroom setting
  • Learn directly from an expert PCI SSC trainer with hands-on experience assessing merchants and/or service providers

Attendance during the entire two-day course is mandatory. Missing more than 30 minutes of the class will automatically result in forfeiture of the PCI SSC ISA exam and removal from the class.

Taking the exam - The certification exam is given immediately following the instructor-led course. The only document you will be allowed to reference during the testing is a translation dictionary, if needed. No electronic devices may be used during the exam. This is a closed-book exam. The exam consists of 75 multiple-choice questions and you will have 90 minutes to complete it.

The Primary Contact at the Sponsor Company will be notified of results within two weeks after the ISA candidate attends the instructor-led PCI SSC ISA training and exam. Candidates who fail this exam may pay $250 and retake the exam at a Pearson VUE Testing Center within 30 days of failing status notification. Candidates who wish to enroll in a second class will be required to pay the full costs for the chosen location and will be required to retake and pass PCI Fundamentals. If the candidate passes, the Sponsor Company will be sent a certificate that validates the candidate's active ISA status for the next 12 months.

Instructor-Led Training is also provided by PGTN Providers in certain regions; candidates attending a PGTN class will take the exam at an authorized Pearson VUE Testing Center. Refer to the eLearning section below for details on taking the exam.

eLearning ISA Qualification Course

This self-paced online eLearning course offers:

  • Flexible scheduling 24/7/365
  • Learn from your home or office
  • Reduced travel costs and time away from work

Taking the exam - Upon completion of the eLearning curriculum, the student will take the qualification exam at one of over 4,000 Pearson VUE Testing Centers worldwide. The student will receive a voucher number to be redeemed in Pearson VUE's online registration system; testing location and time are selected by the student. The exam must be completed in one sitting and must be taken within 30 days of the candidate being given the information on how to schedule the exam.

Candidates who fail this exam may pay $250 and retake the exam at a Pearson VUE Testing Center within 30 days of failing status notification. If the candidate fails the second exam, he/she is required to pay for and retake the entire course, including PCI Fundamentals, in either instructor-led or eLearning format.

Registration

Registrants must have significant relevant security audit and assessment experience (including but not limited to Network Security, Application Security and Consultancy, System Integration, and Auditing). A minimum of five years' experience is recommended.

Complete and Submit an Application

ISA training candidates must be sponsored by their employer.

If your company is already an ISA sponsor, please request that your Primary Contact submit a training registration on your behalf through the ISA Portal.

If your company is not already an ISA sponsor, please refer to the ISA Qualification Requirements for a complete program description and requirements, and to confirm that both you and your organization are well suited for the program. Then follow the steps below:

  1. Submit ISA registration form
  2. Complete company application (Primary Contact will gain access to the online application on the PCI SSC secure portal only after the ISA registration form has been approved).
  3. Enroll professionals in ISA training (Primary Contact will have the ability to enroll professionals in ISA training through the portal only after the ISA Company application has been approved).
  4. Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of ISA training request approval). In the case that the Instructor-Led Training is hosted by a PGTN Provider the invoice shall be issued by the PGTN Provider. For more information about the training fees, please see the ISA Training Pricing page.
Requalification

In order to maintain the high standards set for this certification, all ISA employees must re-certify every 12 months in order to continue as an Internal Security Assessor for their Sponsor Company. All ISA Program training attendees will be required to sign and accept the terms of the PCI SSC ISA Employee Certification form at the time they begin the online training.

All training inquiries and assignments must be submitted through the ISA Sponsor Company's primary contact. Primary Contacts will submit training requests via the ISA Portal. PCI SSC requires all ISA trainees to be full time employees of the company that sponsors their ISA training. Once certified, if an ISA professional leaves their sponsoring company, they must complete new certification sponsored by their new employer.

All requests for requalification must be submitted at least two weeks prior to the certificate expiration date. Attempting to recertify two weeks or more after the ISA’s annual expiration date will require the ISA to attend New ISA training.

*Note: Payment of the training invoice must be received before login information will be sent to the candidate.

Continuing Professional Education (CPE) Hours

It is recommended that the ISA candidate have information systems assessment training within the last 12 months to support professional certifications of a minimum 20 Continuing Professional Education (CPE) hours per year and 120 Continuing Professional Education (CPE) hours over a rolling three year period.

  • Training provided by PCI SSC will count towards the annual CPE hours.
  • Information on activities that qualify for CPE hours is available on the PCI SSC website.

To register, please have your company’s primary contact log into the portal to submit the request. Primary contacts, please submit questions to the ISA Program Manager at isa@pcisecuritystandards.org

Upcoming Courses

In addition to an eLearning format available 24/7, the Council also offers scheduled two-day instructor-led classes. Our authorized PCI Global Training Network (PGTN) provider will also hold instructor-led classes in various locations worldwide. See schedules below.

2016 PCI SSC Course Schedule

Date        Location                    Time         Non Participating Organization   Participating Organization
3-4 May     Mexico City (in Spanish)    09:00-17:30  By invitation only (see note)    By invitation only (see note)
16-17 May   Denver, CO                  09:00-17:30  $2850 USD (sold out)             $1650 USD (sold out)
6-7 Jun     Prague, Czech Republic      09:00-17:30  $3950 USD (sold out)             $2500 USD* (sold out)
29-30 Jun   Boston, MA                  09:00-17:30  $2850 USD                        $1650 USD
18-19 Jul   Toronto, Canada             09:00-17:30  $2850 USD                        $1650 USD*
1-2 Aug     Chicago, IL                 09:00-17:30  $2850 USD                        $1650 USD
5-6 Sep     Zurich, Switzerland         09:00-17:30  $3950 USD                        $2500 USD*
18-19 Sep   Las Vegas, NV               09:00-17:30  $2850 USD                        $1650 USD
13-14 Oct   Edinburgh, Scotland         09:00-17:30  $3950 USD                        $2500 USD
10-11 Nov   Singapore                   09:00-17:30  $2850 USD                        $1650 USD
-           eLearning course            -            $2850 USD                        $1650 USD

Note on the Mexico City class: the class is conducted in Spanish and is available by invitation only to customers of 1st Secure IT. To register or learn more, contact Romana Sturdikova at rsturdikova@1stsecureit.com

Annual ISA requalification training fee is $1095 USD per Assessor.

Please note: Unless otherwise specified, all fees are in US Dollars. All course fees are NON-TRANSFERABLE and NON-REFUNDABLE. Payment is required prior to beginning the course. Course conducted in English. Examination delivered in English.
* Please Note: plus any applicable VAT/HST


**Become a Participating Organization and SAVE up to 40% on ISA training fees. To learn about becoming a Participating Organization please click here.
Apply Now

2016 PGTN Course Schedule

Date        Location                      Time
25-26 May   Istanbul, Turkey              09:00-17:30
8-9 Jun     Zagreb, Croatia               09:00-17:30
16-17 Jun   Panama City, Panama           09:00-17:30
24-25 Aug   Lagos, Nigeria                09:00-17:30
20-21 Oct   Panama City, Panama           09:00-17:30
26-27 Oct   Johannesburg, South Africa    09:00-17:30
23-24 Nov   Manama, Bahrain               09:00-17:30

Group Training Option

If you have a group to train, please consider our Corporate Group Training instructor-led option, where an expert PCI instructor comes to your facility (or any location you choose) to deliver the course. We offer volume discounts - the more you train, the more you save! Contact us for further details or a custom quote.


Download Case Studies

View Cafe Rio Case Study
View Rational Group Case Study

Powered By OneLink