Approved Companies & Providers

Back

Overview of QSA, PA-QSA, ASV and ISA Programs

The PCI Security Standards Council operates a number of programs to train, test and certify organizations and individuals to assess and validate adherence to PCI Security Standards. For specifics on each program, click on its heading.

Qualified Security Assessors (QSAs)

Qualified Security Assessor (QSA) companies are organizations that have been qualified by the Council to have their employees assess compliance to the PCI DSS standard. Qualified Security Assessors are employees of these organizations who have been certified by the Council to validate an entity’s adherence to the PCI DSS.

Payment Application Qualified Security Assessors (PA-QSAs)

Payment Application Qualified Security Assessor (PA-QSA) companies are organizations that have been qualified by the Council to have their employees assess compliance to the PCI PA-DSS standard. Payment Application Qualified Security Assessors are employees of these organizations who have been certified by the Council to validate an entity’s adherence to the PCI PA-DSS.

Approved Scanning Vendors (ASVs)

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet facing environments of merchants and service providers. The Council has approved more than 130 ASVs.

Approved PIN Transaction Security Devices (PTS)

Validated Payment Applications

PCI Forensic Investigator's (PFI)

The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.