3 Tips on Finding the Right PCI QSA


If your organization is new to Payment Card Industry (PCI) compliance, you are probably wondering how you should choose which Qualified Security Assessor (QSA) to work with. This decision is not one to take lightly, as there are nearly four hundred QSA Companies (QSAC), with an estimated one thousand individual QSAs.

There are three main areas you should focus on when vetting your potential QSAC and QSAs. First, you must ensure that the QSAC and QSA have experience in your industry. The QSAC and QSA should also have an in-depth understanding of the Payment Card Industry Data Security Standard (PCI DSS), and should be able to articulate the key details for your environment. Finally, you should look to form a committed partnership with your QSAC and QSA. PCI DSS compliance is not a binder you dust off once a year, but instead requires you to develop an ongoing and regularly updated process.

Industry Experience

There are several benefits to working with a QSA with experience in your industry. The PCI DSS does not change based on your organization’s industry, but a QSA with industry experience can be a valuable resource when recommending control implementation or remediation efforts. A QSA that has worked with several clients within your (or a similar) industry will be able to outline processes they have seen work well, and can warn of potential roadblocks other organizations have run into. Beyond direct industry experience, a QSA that has worked in several unrelated industries can provide a unique perspective and approach to meeting some of the more difficult requirements.

PCI QSA: an In-Depth Understanding

The PCI DSS is a very detailed and prescriptive set of requirements, and you will want to speak with your potential QSA to gauge their level of understanding. The best way to accomplish this is by walking through the unique aspects of your cardholder data environment (CDE).

Every organization has a unique process, team, or segmentation issue that requires detailed planning to ensure maintained compliance. Use your various QSA services as resources in planning these changes to ensure the proposed changes will not result in failed requirements. There are also many efficiencies to gain by reviewing multiple requirements simultaneously. Knowledgeable QSAs should not walk you through the PCI DSS in a straight line, but will combine the tests to make the audit a smooth process.

Committed Partnership

PCI DSS compliance is not just an annual task. The PCI DSS has always been a continual process, and starting January 2018 new requirements will ensure organizations are monitoring their compliance as an ongoing project. Therefore, expert QSA consulting is required throughout the year to ensure the company is still maintaining compliance. The last thing you want is a new QSA every year that has to start from scratch learning everything about your business processes and CDE.

Finding a new QSA to work with should not be a hasty decision, but it does not have to be a complicated process, either. Ensure the QSA and QSAC you will be working with have worked within your industry, but can also support that experience with a perspective from several other industries. The QSA you will be working with should have a thorough understanding of the PCI DSS complexities, and should be able to identify and walk you through potential solutions in your CDE. Lastly, in your QSA assessment, you should be looking for a partnership, not a “check-the-box” annual audit. With these three factors in mind, your organization can find a QSA that will effectively assist you in adhering to PCI DSS.

Additional Resources

Find a QSA – The PCI SSC maintains a list on their website to verify all QSAC and QSA certifications. This resource provides contact information, as well as a feedback opportunity.

QSA Qualification Requirements – The PCI SSC publishes the prerequisites, course outline, and requalification requirements. Reviewing these documents will help you understand the baseline competency, and will allow for more in-depth technical conversations with your QSA.
