Frequently Asked Question

The Council encourages organizations to seek professional guidance in achieving compliance and completing the Self-Assessment Questionnaire. Entities can use any security professional they choose; however, PCI SSC recommends engaging a Qualified Security Assessor (QSA) that are trained to provide assessments against the PCI DSS. For a list of QSAs, please visit: https://listings.pcisecuritystandards.org/assessors_and_solutions/qualified_security_assessors