Qualified Security Assessor (QSA)

A Qualified Security Assessor (QSA) is a person who has been certified by the PCI Security Standards Council to audit merchants for Payment Card Industry Data Security Standard (PCI DSS) compliance.

QSAs are employed as impartial third parties during PCI-compliance audits of Level 1 merchants (those who process over 6 million Visa transactions a year). During the audit process, a QSA fills out a Report on Compliance (ROC) that verifies the merchant's compliance with PCI DSS. The ROC is sent to the merchant's acquiring bank, which then sends it to the appropriate credit card company for compliance verification.

In April 2010 the PCI Security Standards Council began reevaluating the QSA training process to make for more equitable PCI audits across the board.

This was last updated in June 2010

Dig Deeper on IT security audits and audit frameworks



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats

Powered by:






  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...