Card Production Security Assessor (CPSA) Qualification
The instructor led Card Production Security Assessor classes teach you how to perform assessments of entities in accordance with the PCI Card Production and Provisioning Standards. There are two classes available to cover both the physical and logical security requirements that may be required as part of a Card Production Assessment.
Logical Assessor training will cover systems, business processes, and activities associated with card production and provisioning such as Cryptographic Key Management, EMV data preparation, pre-personalization, magnetic stripe and IC personalization, PIN generation and/or printing, and fulfillment.
Physical Assessor training will cover the physical security controls of entities that perform any or all of the following activities:
- Manufacture of payment cards and other EMV chip-based payment products
- Magnetic stripe personalization
- Chip pre-personalization
- Chip embedding
- EMV, data-preparation
- OTA Provisioning
- HCE provisioning
- PIN Generation and/or Printing
The PCI Card Production and Provisioning Logical Security Standard provides a set of security requirements and assessment procedures for performing PCI Card Production Logical Security Assessments. The logical Standard training is comprised of a two-day instructor-led course and exam.
The Card Production Assessor logical security training covers the PCI Card Production and Provisioning Logical Security Requirements and Testing Procedures (PCI Card Production and Provisioning Logical Security Standard). Candidates will learn how to:
- Validate and confirm the scope of the Card Production Environment as defined by the assessed entity.
- Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed.
- Apply independent judgement about whether the assessed entity meets the PCI Card Production and Provisioning Logical Security Standard.
- Effectively use the PCI Card Production and Provisioning ROC Reporting Template to produce PCI Card Production and Provisioning Logical Security Reports on Compliance.
- Validate and attest to an entity’s PCI Card Production and Provisioning Logical Security Standard compliance status.
- Conduct follow-up assessments as needed.
- Learn how to complete the PCI Card Production and Provisioning ROC and PCI Card Production and Provisioning AOC documentation required for submission following completion of an assessment.
- Support client’s ongoing security and compliance efforts through your knowledge of the PCI Card Production and Provisioning Logical Security Standard.
- Gain recognition of your professional achievement with this industry credential.
- Expand your knowledge in securing the payments chain with an in depth look at how a card production entities systems, key management, and security procedures must meet the PCI Standard.
- Be included in a searchable directory on the PCI website.
Right for You?
If you want to:
- Learn more about the Card Production and Provisioning Logical Security Standard.
- Learn more about the Card Production and Provisioning Physical Security Standard.
- Perform PCI CPSA Assessments and validate an organization’s compliance status.
6 Dec 2022 Closed
7 Mar 2023
20 Jun 2023
8 Dec 2022 Closed
9 Mar 2023
22 Jun 2023
Remote classes are a combination of eLearning and a live webinar.
Become a CPSA when you take this class and become qualified.
|Course||Price||Prices Beginning 1 January 2023|
|New Card Logical Training (eLearning only)||USD 2,750||USD 3,000|
Requalification Card Logical Training
|USD 1,650||USD 1,800|
Knowledge Training Card Logical Non-PO *
Knowledge Training Card Logical PO *
New Card Physical Training (eLearning only)
|USD 1,375||USD 1,500|
Requalification Card Physical Training
|USD 1,095||USD 1,200|
Knowledge Training Card Physical Non-PO *
Knowledge Training Card Physical PO *
Combined New Card Logical and Physical Training
Combined Requalification Card Logical and Physical Training
Please note: Unless otherwise specified, all fees are in US Dollars.
Knowledge training does not lead to assessor status.
In order to attend PCI Card Production Security Assessor training for certification, you must be a full-time employee of an active CPSA Company.
How to Prepare for the Exam
Prior to taking the CPSA Logical Security training and exam, candidates should familiarize themselves with information regarding the PCI Card Production and Provisioning Logical Security Standard, the CPSA program, and all other supporting documents available on the PCI Website Document Library.
This class can also be taken as knowledge training for those that do not require qualification.
Step 1 – Review
Refer to the CPSA Qualification Requirements for a complete description of the program and its requirements, and to confirm that you are a suitable candidate for the program. Then complete the CPSA registration form online (see step 2).
Step 2 – Apply
Complete the online application form through PCI SSC’s secure portal. Application requirements include:
- Submit CPSA registration form
- Complete company application (Primary Contact will gain access to the online application only after the CPSA registration form has been approved by PCI SSC).
- Enroll professionals in CPSA training (Primary Contact will have the ability to enroll professionals in CPSA training through the portal only after the CPSA Company application has been approved).
- Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of CPSA training request approval). For more information about the training fees, please see the CPSA Training Pricing page.
Step 3 - Train
Upon receipt of payment the primary contact will receive the location details for the instructor-led class.
Step 4 - Enrollment
Once the application has been approved by the PCI Security Standards Council, and its designated CPSA employees have attended and passed the CPSA training, the CPSA Company will receive confirmation of acceptance into the program, and the CPSA employees will each receive a Certificate of Qualification. The CPSA employees will be added to the Council’s database of certified CPSA personnel, and the company may now perform its own security audits until the time comes to complete the annual Requalification training to maintain the certification.
In order to maintain the high standards set for this qualification, all CPSAs must requalify every year to continue to maintain their status and be listed on the PCI website.
Requalification requirements help ensure that CPSAs remain current with technical and industry changes and demonstrate professionalism.
To maintain active qualification status, CPSAs must:
- Abide by the PCI SSC Code of Professional Responsibility
- Meet the Continuing Professional Education (CPE) requirements:
- There is no requirement for CPSA Logical Assessors to report CPEs to PCI
- CPSA (Physical Assessor with no industry certifications) 10 CPE credits per year and a minimum of 30 CPE credits over a rolling three-year period
- Download the current version of the CPE Maintenance Guide
- Training provided by PCI SSC will count towards the annual CPE hours
- For your convenience, CPE hours can be tracked and stored in the PCI portal at any time (if required). All required CPE hours must be input prior to requalification
- Once the required number of CPE hours has been recorded, select a requalification option and submit your registration
- An invoice will be emailed within 2-3 business days
- You will receive an email containing instructions and credentials to complete the requalification exam within 2 business days of payment processing
- Once you successfully pass the exam, a new certificate will be emailed, and you’ll be listed on the PCI website as a CPSA for another year
Requalification training, and a training invoice will be issued to the primary contact.