
Approved Companies & Providers

Overview of QSA, PA-QSA, ASV, ISA, QIR and PCIP Programs

The PCI Security Standards Council operates a number of programs to train, test and certify organizations and individuals to assess and validate adherence to PCI Security Standards. For specifics on each program, click on its heading.

Qualified Security Assessors (QSAs)

Qualified Security Assessor (QSA) companies are organizations that have been qualified by the Council to have their employees assess compliance to the PCI DSS standard. Qualified Security Assessors are employees of these organizations who have been certified by the Council to validate an entity’s adherence to the PCI DSS.

Payment Application Qualified Security Assessors (PA-QSAs)

Payment Application Qualified Security Assessor (PA-QSA) companies are organizations that have been qualified by the Council to have their employees assess compliance to the PCI PA-DSS standard. Payment Application Qualified Security Assessors are employees of these organizations who have been certified by the Council to validate an entity’s adherence to the PCI PA-DSS.

Approved Scanning Vendors (ASVs)

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers. The Council has approved more than 130 ASVs.

Internal Security Assessors (ISAs)

Internal Security Assessor (ISA) sponsor companies are organizations that have been qualified by the Council. The PCI SSC Internal Security Assessor (ISA) Program consists of internal security audit professionals of Sponsor organizations who are qualified through training from the Council to improve their organization’s understanding of the PCI DSS, facilitate the organization’s interactions with QSAs, enhance the quality, reliability, and consistency of the organization’s internal PCI DSS self-assessments, and support the consistent and proper application of PCI DSS measures and controls.

Qualified Integrators and Resellers (QIRs)

The PCI SSC Qualified Integrators and Resellers Program provides an opportunity for eligible professionals of qualifying organizations to receive training and qualification on the secure installation of PA-DSS validated payment applications into merchant environments in a manner that supports PCI DSS compliance.

PCI Forensic Investigator (PFI)

The PCI Forensic Investigator (PFI) program establishes and maintains rules and requirements regarding eligibility, selection and performance of companies that provide forensic investigation services to ensure they meet PCI Security Standards. The PFI program aims to help simplify and expedite procedures for approving and engaging forensic investigators.

Point-to-Point Encryption (P2PE)

Qualified Security Assessor Point-to-Point Encryption (QSA (P2PE)) companies are organizations that have been qualified by the Council to have their employees assess PCI P2PE Solutions. QSA (P2PE) assessors are employees of these organizations who have been certified by the Council to validate P2PE Solutions.

Payment Application Qualified Security Assessor Point-to-Point Encryption (PA-QSA (P2PE)) companies are organizations that have been qualified by the Council to have their employees assess PCI P2PE Solutions and Applications. PA-QSA (P2PE)s are employees of these organizations who have been certified by the Council to validate P2PE Solutions and P2PE Applications. They are the only assessors who are qualified to perform Domain 2 assessments.

Payment Card Industry Professional (PCIP)™

The Payment Card Industry Professional™ Program provides a personal qualification that stays with you regardless of your employer. This entry-level credential demonstrates your professional awareness and knowledge of the payments security industry, the PCI standards, and supporting documents.

Validated P2PE Solutions

PCI Recognized Laboratories

PCI-recognized evaluation laboratories are organizations that have been approved by the Council to conduct security evaluations on a range of product types, both hardware and software. For device vendors and manufacturers, the labs perform device testing to validate compliance to the PIN Transaction Security (PTS) requirements and, to facilitate the evaluation process prior to actual testing, offer guidance on device design and compliance assessments.



The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.