Ready to prove compliance with a Report on Compliance (RoC)? Check out this list of trusted Qualified Security Assessors (QSAs) that can complete an RoC to verify your organization's PCI DSS compliance.
360 Advanced
The 360 Advanced team provides a variety of PCI DSS compliance services, including audits, readiness assessments, remediation, consulting, and reporting.
Aprio
Aprio’s QSAs use a proprietary streamlined approach to PCI DSS compliance that reduces the complexity, time, and stress associated with creating an RoC.
GRSee Consulting
GRSee’s team includes experts that can help you throughout the PCI DSS process, from gap analysis to PCI DSS certification, as well as certified QSAs who can conduct the audit.
Insight Assurance
Insight Assurance provides a tailored approach to PCI DSS assessments so you can meet compliance requirements and have peace of mind.
Moss Adams
Moss Adams can provide you with everything you need to get PCI certified, including an RoC, vulnerability scan, and pen test.
Prescient Assurance
Prescient Assurance’s experienced QSAs can deliver a full RoC or facilitate a self-assessment questionnaire. This firm also offers vulnerability scanning and penetration testing services to help you get and stay compliant.
FAQs
What is QSA in PCI?
A QSA is a Qualified Security Assessor who performs an external audit to determine whether an organization’s policies and procedures, configurations of networks and applications, and general security controls meet PCI DSS requirements. They will then provide a documented list of findings and allow the organization to potentially resolve any vulnerabilities or missing controls in order to receive a Report on Compliance (RoC).
Do I need a QSA for PCI?
Level 1 merchants and service providers need a QSA to complete a PCI RoC. Level 2, 3, and 4 organizations can conduct a PCI SAQ internally, but may have a QSA review it to determine their compliance status with PCI.
How do I become PCI QSA certified?
Becoming PCI QSA certified is a four-step process. You must apply for qualification first and provide documentation adhering to the Qualification Requirements for Qualified Security Assessors (QSA) v. 4.1. Individuals must then complete the PCI Security Standards Council's two-part training program as well as testing to qualify to perform the assessments. And finally, you must execute an agreement with the PCI SSC governing performance.
What is the difference between a QSA and a PCI ISA?
A Qualified Security Assessor (QSA) and Internal Security Assessor (ISA) can both perform PCI audits and produce an RoC. The key difference is that ISAs can only be assessors at the organization where they are employed.