The Payment Card Industry (PCI) Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council to those individuals that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of a Qualified Security Assessor (QSA) company Approved PCI Security and Auditing Firm, and will be performing PCI compliance assessments as they relate to the protection of credit card data.
The term QSA can implied to identify an individual qualified to perform PCI compliance auditing and consulting or the firm itself.
The primary goal of an individual with the PCI QSA certification is to perform an assessment of a firm that handles credit card data against the high-level control objectives of the PCI Data Security Standard (PCI DSS). There are different levels of auditing and reporting requirements, but the twelve high-level control objectives, and corresponding sub-requirements, of the PCI Data Security Standard are required to be met either directly or through a compensating control. Requirement 3.2 prohibits the storage of track data and does not allow for compensating controls. Compensating controls are not always allowed and must be approved on a case-by-case basis.
Famous quotes containing the words qualified and/or security:
“Don’t give your opinions about Art and the Purpose of Life. They are of little interest and, anyway, you can’t express them. Don’t analyse yourself. Give the relevant facts and let your readers make their own judgments. Stick to your story. It is not the most important subject in history but it is one about which you are uniquely qualified to speak.”
—Evelyn Waugh (1903–1966)
“Happiness is peace after strife, the overcoming of difficulties, the feeling of security and well-being. The only really happy folk are married women and single men.”
—H.L. (Henry Lewis)