
Qualified Security Assessor (QSA) ™

About the Course

The New QSA course consists of two parts: an on-line course including a fifty-question multiple-choice exam, and a two-day instructor-led session ending with a seventy-five-question multiple-choice exam.

To register a candidate for a New QSA training course, the primary contact of the QSA Company must first submit a resume to the Training Coordinator for review with a request for registration in a specific on-site training session. After the resume has been approved, the candidate will be registered for the PCI Fundamentals Course, a four hour on-line training course followed by an exam. The candidate will also be registered for the on-site instructor-led session that the Primary Contact requested. An invoice for the full amount of the course will be issued to the Primary Contact and once it has been paid, login credentials for the on-line PCI Fundamentals Course will be emailed to the candidate with instructions on how to complete the course.

Once the candidate has completed the PCI Fundamentals training and exam, the Primary Contact will be notified of either a passing or failing grade. If the candidate failed the exam, he or she will be allowed one additional attempt to take it and pass without being charged an additional fee. If the candidate passed the exam, the attendee's seat will be confirmed and a confirmation email will be sent to the Primary Contact with complete location details. As a QSA candidate, your seat is not confirmed until your Primary Contact receives a confirmation email.

If the candidate receives two failing grades for the PCI Fundamentals course, his or her seat at the instructor-led session will be given up. If the candidate wishes to try again, he or she will be required to pay the full course fee a second time and receive a passing grade in the PCI Fundamentals course to be allowed to attend the two-day instructor-led session. No exceptions will be made, and by paying the invoice you agree to these terms.

Requirements

At this time PCI SSC does not offer QSA certifications to individuals who do not work for validated QSA Companies. You must be a full time employee of a QSA Company in order to attend QSA Training and be certified as a QSA. Please refer to the PCI Awareness Training page for an optional training opportunity that may meet your needs.

In order to attend any of the above trainings, your company must already be a validated QSA Company. Please see the Validation Requirements for Qualified Security Assessors (QSAs) v 1.2 for more details.

If you are preparing to attend PCI QSA requalification training, please be aware of the required documentation that your primary contact will need to submit on your behalf.

NEW QSA training documentation requirements:

  • All training inquiries and assignments must be submitted through the QSA company's primary contact.
  • PCI SSC requires all training attendees to be full time employees of a Validated QSA company.
  • QSA applicants must meet either of the following minimum requirements, and a resume must be submitted reflecting:
    • CISSP, CISA or CISM Certificate, or
    • 5 Years of IT Security experience in a Resume format
  • All QSA Program training attendees must accept and sign the PCI SSC QSA Employee Certification form and submit it at the training session.
  • The only document that attendees will be allowed to reference during the test is a translation dictionary if needed.

I thought the instructor was excellent and his insights and experience greatly helped towards the overall understanding.
Janet Edwards, K3DES, LLC

It was very useful to see the QSA role from the perspective of the assessor rather than from the customer's viewpoint.
Chris Leppard, Trustwave

The way that the instructor was able to cover a vast amount of material in a relatively short time and make us remember it - without the training it would have taken weeks and weeks to get the same level of understanding.
David Newman, TELUS Security Solutions



The PCI Security Standards Council (the "Council") provides a variety of tools, questionnaires, guidance, FAQs, training resources and other materials and information to assist organizations seeking to achieve compliance with its standards (the "Standards"). Third party products and services are also available, but the Council does not endorse or recommend any such third party products or services, and advises all organizations seeking to achieve compliance to become familiar with the Standards and related requirements before purchasing third party products or services. Ultimately, all applicable requirements must be met in order to achieve compliance, regardless of whether or what third party products or services are used.