Have you met the PCI SSC’s new QSA requirements?

As of 2019, the qualification requirements for QSAs (Qualified Security Assessors) have become much tougher. Assessors must now gain an information security and an IT audit certificate. Under the previous rules, QSAs were only required to hold one of those qualifications.

The rule change took effect on 1 January 2019 for new QSAs. Those who were already qualified have until 1 July 2019 to gain the necessary qualifications.

The PCI SCC (Payment Card Industry Security Standards Council) announced the change in March 2017, so assessors had plenty of time to prepare. However, you haven’t left it too late if you’ve been delaying the certification process; plenty of QSAs still need to gain an additional qualification.


What qualifications do you need?

QSAs must gain at least one of the following information security qualifications:

They must also certify to one of the following IT audit qualifications:


How IT Governance can help

Anyone looking to gain the knowledge they need to achieve the necessary qualifications should consider studying with IT Governance. Our training courses provide a structured learning path from Foundation to Advanced level for IT practitioners and lead implementers, and help you develop the skills you need to deliver best practice and compliance.

We are an acknowledged leader in ISO 27001, cyber security, data privacy, service management and business continuity training.

Want to be notified about other GDPR fines? Subscribe to the Weekly Round-up!


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.