Internal Security Assessor (ISA)™ Qualification
The Internal Security Assessor program teaches you how to perform internal assessments for your company and recommend solutions to remediate issues related to PCI DSS compliance. Assessors are sponsored by their companies, so when you receive this qualification you will be able to act as a liaison with external PCI auditors and manage interactions with a Qualified Security Assessor (QSA).
Internal Security Assessor (ISA) training is a two-part program. The first is a seven-hour prerequisite course and exam about PCI Fundamentals. It’s followed by an in-depth course (that can be taken via either instructor-led or online eLearning format) and exam.
Benefits of the course include:
- Understand the PCI DSS and how it can help protect your customer data and your business
- Define the processes involved in card processing and network segmentation
- Help your organization build internal expertise and assess its compliance with PCI Standards
- Enhance payment card data security and manage compliance costs
Candidates who successfully complete the prerequisite PCI Fundamentals course may move on to the ISA qualification course. This course builds on the knowledge gained in PCI Fundamentals and delves into the actual PCI DSS requirements, testing procedures, compliance reports and more. The Internal Security Assessor course covers:
- What is PCI and what does it mean to companies that must meet compliance with the DSS?
- Industry overview
- Transaction data flow
- Relationships between various organizations in the process
- How the credit card brands differ in their validation and reporting requirements
- PCI Data Security Standard (DSS)
- Overview of each requirement
- Testing procedures
- What constitutes compliance
- PCI Hardware and Communications Infrastructure
- PCI Reporting
- Overview of compliance issues and mitigation strategies
- Compensating controls
- Creating policies
- Modifying cardholder data environment
The instructor-led course includes case studies providing a simulation of assessment scenarios that may help you in solving common problems within your own payment environment. More information will be provided about the exam upon registration.
For those taking ISA training via eLearning, click here to locate a testing center near you.
Right for You?
24-25 May 2023
12-13 Jun 2023
9:00-17:30 CET This class will be conducted in Spanish
Barcelona, Spain: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at firstname.lastname@example.org
11-12 Jul 2023
9:00-17:30 This class will be conducted in Spanish
Mexico City: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at email@example.com
13 Jul 2023
25-26 Jul 2023
09:00-17:30 GMT This class will be conducted in Spanish
Bogota, Colombia: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at firstname.lastname@example.org
3-4 Aug 2023
8-9 Aug 2023
Miami, FL: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at email@example.com
16 Aug 2023
08:00-16:30 JST This class will be translated into Japanese
22-23 Aug 2023
9:00-17:30 This class will be conducted in Spanish
Santiago, Chile: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at firstname.lastname@example.org
10-11 Sep 2023
21 Sep 2023
09:00-17:30 This class will be conducted in Spanish
Remote: Hosted by BOTECH FRAUD. For pricing and registration, please contact Ruth Lares at Ruth.email@example.com
27-28 Sep 2023
9:00-17:30 CET This class will be conducted in Spanish.
Madrid, Spain: Hosted by BOTECH FRAUD. For pricing and registration, please contact Hugo Yepes at Hugo.firstname.lastname@example.org
19-20 Oct 2023
1 Nov 2023
6-7 Dec 2023
Remote classes are a combination of eLearning and a live webinar.
* Pricing for these classes does not include VAT, HST, etc.
Become an ISA when you take this class and become qualified.
New ISA Training Non-PO (In person or eLearning)
New ISA Training (In person or eLearning) Principal/Associate PO
Requalification ISA Training Non-PO
Requalification ISA Training PO
New ISA Exam Retake fee via Pearson VUE
Please note: Unless otherwise specified the training and exam will be delivered in English.
Price does not include any applicable VAT/HST/GST which will appear on your invoice.
* Not including VAT
**Become a Participating Organization and SAVE up to 40% on ISA training fees. To learn about becoming a Participating Organization please click here.
How to Prepare for the Exam
Prior to beginning the PCI Fundamentals training, you should familiarize yourself with these publications on the PCI website:
The PCI Fundamentals online course must be completed prior to the start of your training class.
Exam Information – PCI Fundamentals
The online prerequisite course concludes with a 60 question multiple-choice exam. Once the candidate has completed the PCI Fundamentals training and exam, the Primary Contact will be notified of either a passing or failing grade. If the candidate failed the exam, he or she will be allowed two additional attempts to take and pass without being charged an additional fee.*
*If the candidate receives a failing grade for the PCI Fundamentals course after the third attempt, his or her seat at the instructor-led session will be forfeited. If he or she wishes to try again, the candidate will be required to pay the full course fee for a second time and receive a passing grade in the PCI Fundamentals course to be allowed to attend the two-day instructor-led session. There will be no exceptions made and by paying the invoice, you agree to these terms.
Exam Information – Instructor-led ISA Qualification Course
This two-day classroom instruction provides:
- In-person engagement and collaboration as well as networking opportunities
- Ability to focus on curriculum in classroom setting
- Learn directly from an expert PCI SSC trainer with hands-on experience assessing merchants and/or service providers
Taking the exam – The certification exam is given immediately following the instructor-led course. The only document you will be allowed to reference during the testing is a translation dictionary, if needed. No electronic devices may be used during the exam. This is a closed book exam. The exam consists of 75 multiple choice questions. You will have 90 minutes to complete it.
The Primary Contact at the Sponsor Company will be notified of results within two weeks after the ISA candidate attends the instructor-led PCI SSC ISA training and exam. Candidates who fail this exam may pay $165 and retake the exam at a Pearson VUE Testing Center within 30 days of failing status notification. Candidates who wish to enroll in a second class will be required to pay the full costs for the chosen location and will be required to retake and pass PCI Fundamentals. If the candidate passes, the Sponsor Company will be sent a certificate that validates the candidate’s active ISA status for the next 12 months.
Exam Information – eLearning ISA Qualification Course
This self-paced online eLearning course offers:
- Flexible scheduling 24/7/365
- Learn from your home or office
- Reduced travel costs and time away from work
Taking the exam – Upon completion of the eLearning curriculum, the student will take the qualification exam at one of over 4,000 Pearson VUE Testing Centers worldwide. The student will receive a voucher number to be redeemed in Pearson VUE’s online registration system; testing location and time are selected by the student. The exam must be completed in one sitting and must be taken within 90 days of the candidate being given the information on how to schedule the exam.
Candidates who fail this exam may pay $165 and retake the exam at a Pearson VUE Testing Center within 30 days of failing status notification. If the candidate fails the second exam, he/she is required to pay for and retake the entire course, including PCI Fundamentals, in either instructor-led or eLearning format.
Registrants must have significant relevant security audit and assessment experience (including but not limited to Network Security, Application Security and Consultancy, System Integration, and Auditing). A minimum of five years experience is recommended.
Complete and Submit an Application
ISA training candidates must be sponsored by their employer.
If your company is already an ISA sponsor, please request that your Primary Contact submit a training registration on your behalf through the ISA Portal.
If your company is not already an ISA sponsor, please refer to the ISA Qualification Requirements for a complete program description and requirements, and to confirm that both you and your organization are well suited for the program. Then follow the steps below:
- Submit ISA registration form
- Complete company application (Primary Contact will gain access to the online application on the PCI SSC secure portal only after the ISA registration form has been approved).
- Enroll professionals in ISA training (Primary Contact will have the ability to enroll professionals in ISA training through the portal only after the ISA Company application has been approved).
Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of ISA training request approval). For more information about the training fees, please see the ISA Training Pricing page.
In order to maintain the high standards set for this certification, all ISA employees must re-certify every 12 months in order to continue as an Internal Security Assessor for their Sponsor Company. All ISA Program training attendees will be required to sign and accept the terms of the PCI SSC ISA Employee Certification form at the time they begin the online training.
All training inquiries and assignments must be submitted through the ISA Sponsor Company’s Primary Contact. Primary Contacts will submit training requests via the ISA Portal. PCI SSC requires all ISA trainees to be full time employees of the company that sponsors their ISA training. Once certified, if an ISA professional leaves their sponsoring company, they must complete new certification sponsored by their new employer.
All requests for requalification must be submitted at least two weeks prior to the certificate expiration date. Attempting to recertify two weeks or more after the ISA’s annual expiration date will require the ISA to attend New ISA training.
To register, please have your company’s primary contact log into the portal to submit the request. Primary contacts, please submit questions to the ISA Program Manager at email@example.com
*Note: Payment of the training invoice must be received before login information will be sent to the candidate.
PCI isn't the most exciting or entertaining material. With the instructor's humor and real world experience, learning PCI and how to be an ISA was a good experience.
Nolan, Liberty Mutual
Loved the training. I learned a lot and made many notes on what I need to do for 2013 SAQ.
Paul R Plutae, ACG Texas, LP
The instructor did an excellent job, I highly recommend him for all future trainings.