As of 2019, the qualification requirements for QSAs (Qualified Security Assessors) have become much tougher. Assessors must now gain both an information security certificate and an IT audit certificate. Under the previous rules, QSAs were only required to hold one of those qualifications.
The rule change took effect on 1 January 2019 for new QSAs. Those who were already qualified have until 1 July 2019 to gain the necessary qualifications.
The PCI SSC (Payment Card Industry Security Standards Council) announced the change in March 2017, so assessors had plenty of time to prepare. However, you haven’t left it too late if you’ve been delaying the certification process; plenty of QSAs still need to gain an additional qualification.
What qualifications do you need?
QSAs must gain at least one of the following information security qualifications:
- (ISC)² CISSP® (Certified Information Systems Security Professional)
- ISACA® CISM® (Certified Information Security Manager)
- Certified ISO 27001 Lead Implementer
They must also gain one of the following IT audit qualifications:
- ISACA CISA® (Certified Information Systems Auditor)
- GIAC GSNA (Systems and Network Auditor)
- Certified ISO 27001 Lead Auditor or Internal Auditor
- IRCA ISMS (information security management system) auditor or higher
- IIA Certified Internal Auditor
How IT Governance can help
Anyone looking to gain the knowledge they need to achieve the necessary qualifications should consider studying with IT Governance. Our training courses provide a structured learning path from Foundation to Advanced level for IT practitioners and lead implementers, and help you develop the skills you need to deliver best practice and compliance.
We are an acknowledged leader in ISO 27001, cyber security, data privacy, service management and business continuity training.