Associate QSA — qualifying as a QSA
SRC offers mentoring programme for future Security Evaluators
The QSA accreditation — the previous, unstructured path to becoming a highly qualified Security Evaluator
Extensive experience is required to audit environments in which payment card data is accepted and/or processed for compliance with the PCI DSS security standard. To date, there has been no standardised way of fulfilling the relevant prerequisites for admission as a PCI DSS assessor (Qualified Security Assessor, QSA) which are comprehensive professional experience, PCI DSS-specific training and testing as well as at least two other accreditations in the field of information security and IT auditing.
Associate QSA — the accompanied path to QSA
With the new Associate QSA programme of the Payment Card Industry Security Standards Council (PCI SSC), an opportunity has now been defined through which new talents with a basic level of professional experience can advance towards QSA approval.
Associate QSA will be accompanied by an experienced QSA mentor. The development and increasing audit experience of the Associate QSA are regularly reflected and documented. In this way, it is monitored and ensured that the employee has comprehensive experience in all relevant areas until he or she obtains QSA approval.
SRC provides training
The SRC team is known for not considering test standards as checklists to be processed, but for deriving their application from complex environments and for supporting the customer in the implementation and interpretation as practically as possible. This requires comprehensive expertise and experience in combination with a constant exchange with other experts.
SRC therefore welcomes the definition of a step-by-step procedure for the training and support of Associate QSA, which contributes to the development of an appropriate qualification. SRC has thus registered as an Associate QSA company and has already approved the first employee as an Associate QSA. In this way, the quality of the audits in the constantly changing payment transaction environments is to be guaranteed also in the future.