SRC offers mentoring program for future safety assessors
QSA approval – the previous, unstructured path to becoming a highly qualified safety assessor
Extensive experience is required to assess environments in which payment card data is received and/or processed for compliance with the PCI DSS security standard. Until now, there has been no standardized way of fulfilling the corresponding prerequisites for approval as a PCI DSS assessor (Qualified Security Assessor, QSA) – extensive professional experience, PCI DSS-specific training and testing as well as at least two additional accreditations in the area of information security and IT auditing.
Associate QSA – the guided path to QSA
The Payment Card Industry Security Standards Council’s (PCI SSC) new Associate QSA program now defines a pathway for new talent with a basic level of professional experience to achieve QSA accreditation.
Associate QSAs are accompanied by an experienced QSA as a mentor. The development and increasing audit experience of the Associate QSA is regularly reflected upon and documented. This ensures that the employee gains comprehensive experience in all relevant areas by the time he or she achieves QSA accreditation.
SRC trains
The SRC team is known for not just seeing test standards as checklists to be worked through, but for deriving their application to complex environments in a well-founded manner and supporting the customer in their implementation and interpretation as practically as possible. This requires comprehensive specialist knowledge and experience in combination with a constant exchange with other experts.
SRC therefore welcomes the definition of a step-by-step procedure for the training and support of Associate QSAs, which contributes to the development of a corresponding qualification. SRC has thus registered as an Associate QSA company and has already approved its first employee as an Associate QSA. This should ensure the quality of audits in the constantly changing payment transaction environments in the future.