Qualified Security Assessor (QSA) ™
About the Course
The New QSA course consists of two parts: an on-line course including a fifty question multiple choice exam and a two-day instructor-led session ending with a seventy-five question multiple choice exam.
To register a candidate for a New QSA training course, the primary contact of the QSA Company must first submit a resume to the Training Coordinator for review with a request for registration in a specific on-site training session. After the resume has been approved, the candidate will be registered for the on-site instructor-led session that the Primary Contact requested. An invoice for the full amount of the course will be issued to the Primary Contact and once it has been paid, login credentials for the online prerequisite course PCI Fundamentals will be emailed to the candidate with instructions on how to complete the course. The PCI Fundamentals Course is a seven hour online training course and exam that is required to be successfully completed one week prior to the start of the on-site instructor-led QSA session.
Once the candidate has completed the PCI Fundamentals training course and exam, the Primary Contact will be notified of either a passing or failing grade. If the candidate failed the exam, he or she will be allowed one additional attempt to take the exam and pass without being charged an additional fee. If the candidate passed the exam, the candidate’s seat will be confirmed and a confirmation email will be sent to the Primary Contact with complete location details. As a QSA candidate, your seat is not confirmed until your Primary Contact receives a confirmation email.
If the candidate receives a failing grade for the PCI Fundamentals course, his or her seat at the instructor-led session will be forfeited. If he or she wishes to try again, the candidate will be required to pay the full course fee for a second time and receive a passing grade in the PCI Fundamentals course to be allowed to attend the two-day instructor-led session. There will be no exceptions made and by paying the invoice, you agree to these terms.
At this time PCI SSC does not offer QSA certifications to individuals who do not work for validated QSA Companies. You must be a full time employee of a QSA Company in order to attend QSA Training and be certified as a QSA. Please refer to the PCI Awareness Training page for an optional training opportunity that may meet your needs.
In order to attend any of the above trainings your company must already be a validated QSA Company. Please see the Validation Requirements for Qualified Security Assessors (QSAs) v 1.2. for more details.
If you are preparing to attend PCI QSA requalification training, please be aware of the required documentation that your primary contact will need to submit on your behalf.
NEW QSA training documentation requirements:
- All training inquiries and assignments must be submitted through the QSA company's primary contact.
- PCI SSC requires all training attendees to be full time employees of a Validated QSA company.
- QSA applicants must meet either of the following minimum requirements, and a resume must be submitted reflecting:
- CISSP, CISA or CISM Certificate, or
- 5 Years of IT Security experience in a Resume format
- All QSA Program training attendees must accept and sign the PCI SSC QSA Employee Certification form and submit at the training session.
- The only document that attendees will be allowed to reference during the test is a translation dictionary if needed.
I thought the instructor was excellent and his insights and experience greatly helped towards the overall understanding.Janet Edwards, K3DES, LLC
It was very useful to see the QSA role from the perspective of the assessor rather than from the customer's viewpoint.Chris Leppard, Trustwave
The way that the instructor was able to cover a vast amount of material in a relatively short time and make us remember it - without the training it would have taken weeks and weeks to get the same level of understanding.David Newman, TELUS Security Solutions