[WEBINAR] The New Normal: Dealing with the Reality of an Unsecure World

Qualified Security Assessor (QSA)

Definition - What does Qualified Security Assessor (QSA) mean?

A qualified security assessor (QSA) is an individual who is authorized to validate the adherence of an organization to the requirements of the Payment Card Industry Data Security Standard (PCI DSS). A QSA conducts the assessments and audits the security and compliance controls of an organization in accordance with the latest guidelines provided by the said standard. For an effective adherence to the PCI DSS, it is often recommended to have the requirements validated by an independent QSA.

Techopedia explains Qualified Security Assessor (QSA)

Security consultants and audit professionals are often the recommended candidates for a qualified security assessor program. They can be certified and recertified by attending the training provided by the payment card industry along with passing the certification exam. A QSA undergoing a recertification needs to pursue additional continuing professional education, which can be obtained from other work experiences and training.

A QSA needs to provide merchants with onsite data security assessments, gap analysis, payment card industry consultation and must give advice including remediation services, if needed. A QSA needs to understand the different aspects of an organization's infrastructure including virtual network segmentation, surrounding physical information technology controls, virtualization-specific controls, etc.

Using a QSA could prove expensive and could be less economical than using internal security resources. However, a third-party validation can help in assessing the key areas and controls that could be missed out and can also provide the necessary diligence needed. A QSA can also help an organization meet all the requirements provided by the payment card industry. In this case, the internal resources of an organization need not be diverted from other projects.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
"Techopedia" on Twitter

Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.