Regulatory Compliance, Governance and Security

Dec 10 2009   4:56PM GMT

PCI DSS Auditors | You Need to Hire a Qualified Security Assessor (QSA)



The term PCI DSS auditors is technically incorrect, as one really should be looking for a Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessor (QSA).

So what exactly is a QSA? A QSA is an individual who has been through the rigorous training and certification process that is overseen by the Payment Card Industry Security Standards Council, commonly known as the PCISSC. In short, only a QSA is allowed to be a lead assessor or lead auditor when conducting an on-site Level 1 Payment Card Industry (PCI) assessment.

Though most people simply refer to QSAs as “PCI Auditors”, it is important to understand what a “PCI Auditor” really is and what they do. Many QSAs also help companies perform their annual PCI self-assessments. Why? Because a self-assessment is much easier said than done: most merchants and service providers simply lack the knowledge and understanding of PCI to self-assess without help.

A QSA can also recommend various hardware and software solutions for PCI compliance and give a company excellent guidance on how to meet the rigorous demands of PCI compliance.
There is nothing wrong with also using an I.T. expert, but when it comes to compliance and certification for PCI, you need to use a QSA.
