Associate QSA

Asso­ciate QSA — qual­i­fy­ing as a QSA

SRC offers men­tor­ing pro­gramme for future Secu­ri­ty Eval­u­a­tors

The QSA accred­i­ta­tion — the pre­vi­ous, unstruc­tured path to becom­ing a high­ly qual­i­fied Secu­ri­ty Eval­u­a­tor

Exten­sive expe­ri­ence is required to audit envi­ron­ments in which pay­ment card data is accept­ed and/or processed for com­pli­ance with the PCI DSS secu­ri­ty stan­dard. To date, there has been no stan­dard­ised way of ful­fill­ing the rel­e­vant pre­req­ui­sites for admis­sion as a PCI DSS asses­sor (Qual­i­fied Secu­ri­ty Asses­sor, QSA) which are com­pre­hen­sive pro­fes­sion­al expe­ri­ence, PCI DSS-spe­cif­ic train­ing and test­ing as well as at least two oth­er accred­i­ta­tions in the field of infor­ma­tion secu­ri­ty and IT audit­ing.

Asso­ciate QSA — the accom­pa­nied path to QSA

With the new Asso­ciate QSA pro­gramme of the Pay­ment Card Indus­try Secu­ri­ty Stan­dards Coun­cil (PCI SSC), an oppor­tu­ni­ty has now been defined through which new tal­ents with a basic lev­el of pro­fes­sion­al expe­ri­ence can advance towards QSA approval.

Asso­ciate QSA will be accom­pa­nied by an expe­ri­enced QSA men­tor. The devel­op­ment and increas­ing audit expe­ri­ence of the Asso­ciate QSA are reg­u­lar­ly reflect­ed and doc­u­ment­ed. In this way, it is mon­i­tored and ensured that the employ­ee has com­pre­hen­sive expe­ri­ence in all rel­e­vant areas until he or she obtains QSA accred­i­ta­tion.

SRC pro­vides train­ing

The SRC team is known for not con­sid­er­ing test stan­dards as check­lists to be processed, but for deriv­ing their appli­ca­tion from com­plex envi­ron­ments and for sup­port­ing the cus­tomer in the imple­men­ta­tion and inter­pre­ta­tion as prac­ti­cal­ly as pos­si­ble. This requires com­pre­hen­sive exper­tise and expe­ri­ence in com­bi­na­tion with a con­stant exchange with oth­er experts.

SRC there­fore wel­comes the def­i­n­i­tion of a step-by-step pro­ce­dure for the train­ing and sup­port of Asso­ciate QSA, which con­tributes to the devel­op­ment of an appro­pri­ate qual­i­fi­ca­tion. SRC has thus reg­is­tered as an Asso­ciate QSA com­pa­ny and has already approved the first employ­ee as an Asso­ciate QSA. In this way, the qual­i­ty of the audits in the con­stant­ly chang­ing pay­ment trans­ac­tion envi­ron­ments is to be guar­an­teed also in the future.