Posts

Associate QSA

Associate QSA — quali­fying as a QSA

SRC offers mentoring programme for future Security Evalu­ators

The QSA accred­i­tation — the previous, unstruc­tured path to becoming a highly qualified Security Evaluator

Extensive experience is required to audit environ­ments in which payment card data is accepted and/or processed for compliance with the PCI DSS security standard. To date, there has been no standardised way of fulfilling the relevant prereq­ui­sites for admission as a PCI DSS assessor (Qualified Security Assessor, QSA) which are compre­hensive profes­sional experience, PCI DSS-specific training and testing as well as at least two other accred­i­ta­tions in the field of infor­mation security and IT auditing.

Associate QSA — the accom­panied path to QSA

With the new Associate QSA programme of the Payment Card Industry Security Standards Council (PCI SSC), an oppor­tunity has now been defined through which new talents with a basic level of profes­sional experience can advance towards QSA approval.

Associate QSA will be accom­panied by an experi­enced QSA mentor. The devel­opment and increasing audit experience of the Associate QSA are regularly reflected and documented. In this way, it is monitored and ensured that the employee has compre­hensive experience in all relevant areas until he or she obtains QSA accred­i­tation.

SRC provides training

The SRC team is known for not consid­ering test standards as check­lists to be processed, but for deriving their appli­cation from complex environ­ments and for supporting the customer in the imple­men­tation and inter­pre­tation as practi­cally as possible. This requires compre­hensive expertise and experience in combi­nation with a constant exchange with other experts.

SRC therefore welcomes the defin­ition of a step-by-step procedure for the training and support of Associate QSA, which contributes to the devel­opment of an appro­priate quali­fi­cation. SRC has thus regis­tered as an Associate QSA company and has already approved the first employee as an Associate QSA. In this way, the quality of the audits in the constantly changing payment trans­action environ­ments is to be guaranteed also in the future.