The Payment Card Industry (PCI) Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council to those individuals that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of a Qualified Security Assessor (QSA) company Approved PCI Security and Auditing Firm, and will be performing PCI compliance assessments as they relate to the protection of credit card data.
The term QSA can implied to identify an individual qualified to perform PCI compliance auditing and consulting or the firm itself.
The primary goal of an individual with the PCI QSA certification is to perform an assessment of a firm that handles credit card data against the high-level control objectives of the PCI Data Security Standard (PCI DSS). There are different levels of auditing and reporting requirements, but the twelve high-level control objectives, and corresponding sub-requirements, of the PCI Data Security Standard are required to be met either directly or through a compensating control. Requirement 3.2 prohibits the storage of track data and does not allow for compensating controls. Compensating controls are not always allowed and must be approved on a case-by-case basis.
Famous quotes containing the words qualified and/or security:
“I used to join the murmurings about “Where are the qualified women?” As we murmured, we would all gaze about the room, up toward the chandelier, into the corner behind the potted palm, under the napkin, hoping perhaps that qualified women would pop out like leprechauns.”
—Jane O’Reilly, U.S. feminist and humorist. The Girl I Left Behind, ch. 5 (1980)
“There is something that Governments care for far more than human life, and that is the security of property, and so it is through property that we shall strike the enemy.... Be militant each in your own way.... I incite this meeting to rebellion.”
—Emmeline Pankhurst (1858–1928)