Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council to individuals it deems qualified to perform PCI assessments and consulting services.
To qualify as a PCI QSA, an individual must meet information security education requirements, take appropriate training from the PCI Security Standards Council and be employed by an approved PCI security and auditing firm. PCI QSAs must be re-certified annually.
A PCI QSA is hired as an impartial third party by organizations subject to the PCI Data Security Standard (PCI DSS) to conduct a PCI assessment or advise the organization on how to achieve PCI compliance. During a PCI assessment, the QSA determines whether the organization has met the 12 PCI DSS requirements, either directly or through compensating controls. The QSA then completes a Report on Compliance (ROC) to verify the organization's compliance. The ROC is sent to the organization's acquiring bank, which then sends it to the appropriate credit card company for verification.