PCI QSA Qualification Requirements

  • July 14, 2019

    InfoSecure Redteam, Inc. dba InfoSecure Redteam Conformance is a Qualified Security Assessor (QSA) Company. As such, InfoSecure has met the specific requirements established by the PCI Security Standards Council (PCI SSC), including the Company Specific Business, Capability, Administrative, and Ongoing Qualification Requirements. In addition, InfoSecure maintains an Assessor Quality Management process to ensure ongoing compliance with PCI SSC standards.

    InfoSecure QSA Employee Requirements

    According to the PCI SSC, each QSA employee must satisfy many requirements:

    Background checks

    Necessary knowledge and experience to perform QSA assessments, with at least one year of experience in each of the following:

    • Application security
    • Information systems security
    • Network security
    • IT security auditing
    • Information security risk assessment or risk management

    QSA employees must possess one of the following accrediting certifications:

    • (ISC)2 Certified Information Systems Security Professional (CISSP)
    • ISACA Certified Information Security Manager (CISM)
    • Certified ISO 27001 Lead Implementer

    In addition to the above, QSA employees must also possess one of the following additional certifications:

    • ISACA Certified Information Systems Auditor (CISA)
    • GIAC Systems and Network Auditor (GSNA)
    • Certified ISO 27001 Lead Auditor or Internal Auditor
    • IRCA ISMS Auditor or higher

    The PCI SSC also requires QSA employees to be knowledgeable about the PCI DSS and its applicable supporting documents, to attend annual QSA employee training, and to adhere to the PCI SSC Code of Professional Responsibility.