An Overview of PCI Security Standards Testing and Certification Programs
Posted April 21st, 2011
The PCI Security Standards Council is an open global forum that oversees the development, management, education, and awareness of the PCI (payment card industry) security standards, including the Data Security Standard (PCI DSS), the Payment Application Data Security Standard (PA-DSS), and the PIN Transaction Security (PTS) requirements.
To ensure a uniform, global approach to account security, the PCI Security Standards Council operates training, testing, and certification programs for Qualified Security Assessors (QSAs) and Approved Scanning Vendors (ASVs).
Each of the five founding payment brands — American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc. — recognizes the QSAs and ASVs certified by the PCI Security Standards Council as qualified to validate compliance with the PCI DSS. Organizations engaging QSAs or ASVs to validate their compliance with the PCI DSS follow the policies and guidelines established by the individual payment brands.
Training Overview
The PCI Security Standards Council operates in-depth programs for security companies seeking to become Qualified Security Assessors (QSAs) or Payment Application Qualified Security Assessors (PA-QSAs). Companies can become re-certified each year. You must be a full-time employee of a validated QSA company in order to attend QSA training and be certified as a QSA. Your company must already be a validated PA-QSA company if you wish to attend that training.
The Council also maintains a structured process for security solution providers to become Approved Scanning Vendors (ASVs), or to be re-approved each year. The PCI ASV training program, for staff and security personnel of ASV companies, consists of an in-depth eight-hour online course and exam covering the payment card industry, the PCI Data Security Standard (PCI DSS) requirements, and ASV scan testing procedures. Following this training, ASV staff are better equipped to serve their customers by ensuring the quality of scan outputs and providing reports that are complete and accurate.
The PCI SSC Internal Security Assessor (ISA) program provides an opportunity for eligible internal security audit professionals of qualifying organizations to
• receive PCI DSS training and certification to improve the organization’s understanding of the PCI DSS
• facilitate the organization’s interactions with QSAs
• enhance the quality, reliability, and consistency of the organization’s internal PCI DSS self-assessments
• support the consistent and proper application of PCI DSS measures and controls.
Designed for internal security assessment staff at ISA sponsor companies, the ISA program is composed of a four-hour online prerequisite course and exam covering PCI fundamentals, followed by an in-depth two-day instructor-led course and exam. Successful completion results in ISA qualification and a PCI DSS ISA certificate.
To hire PCI-certified professionals, or to find out more, contact Bayside Solutions, your Bay Area IT staffing solutions experts.