What is a QSA - Qualified Security Assessor for PCI?

A QSA is a PCI Security Standards Council designation applied to individuals who: meet specific information security education requirements; have taken the appropriate training from the PCI Security Standards Council; are employees of a Qualified Security Assessor (QSA) company approved PCI security and auditing firm, and; will be performing PCI compliance assessments as they relate to the protection of credit card data.

To become an AQSA, an individual must work for a QSA company (QSAC). The primary contact at a QSAC is responsible for submitting the relevant applicant materials, including a resume, desired training course and relevant information technology experience and skills, or another IT-related field to the PCI SSC for initial review. Once the PCI SSC reviews and approves these materials, they'll be granted access to the relevant training materials online. Notification of test results generally takes two weeks or less.