Qualified Security Assessor (QSA)

A Qualified Security Assessor (QSA) is a person accredited by the PCI Security Standards Council to independently assess and validate an organization’s security compliance with PCI DSS requirements. The QSA carries out assessments in a business environment, supplying clients with detailed, comprehensive, and timely reports. A QSA holds both the Certified Security Expert (CSE) and the Qualified Security Manager (QSEM) certifications and is a specialist to whom an organization can readily assign an essential role in its overall security management processes.

A QSA is an expert in all areas of PCI compliance, including Card Verification Management (CVM) and Enterprise Card Verification Management (ECVR). A QSA may also participate in the PCI Compliance Security Testing project, in which various stakeholders collaborate to improve PCI DSS implementation. To qualify as a QSA company (QSAC), a company must be certified by the PCI Security Standards Council (PCSB). A QSAC must also be a member of the IAEA PCI Security Standards Board and have achieved the highest level of certification from one of the following three organizations: the PCI Security Standards Council (PCSB), the Institute for Service Technology Management (ISMT), or the Association for Electronic Computer Software (ACSC).

Qualified PCI compliance auditors are also often referred to as QSAs or risk managers. This terminology is appropriate because a QSA helps ensure that a company takes the correct actions to mitigate and control risks, and supports management’s efforts to manage any potential security vulnerabilities that might affect the safe storage, processing, distribution, receipt, and use of financial data. In addition, as an audit manager, a QSA assists in identifying, assessing, and prioritizing risks; presents recommendations and strategic solutions; and coordinates and provides support throughout the PCI audit and PCI compliance process.

