Audited

3DS Assessors are qualified by PCI SSC to perform assessments using the PCI 3DS Core Security Standard (Security Requirements and Assessment Procedures for EMV® 3-D Secure Core Components: ACS, DS, and 3DS Server). 3DS Assessor Employees are individuals who are employed by a 3DS Assessor Company and have satisfied all 3DS Assessor Qualification Requirements applicable to employees of 3DS Assessor Companies who will conduct 3DS Assessments, as described in further detail in the Qualification Requirements For 3DS Assessors.

Card Production Security Assessor (CPSA) Companies are security organizations that have been qualified by the Council to validate an entity's adherence to the PCI Card Production Logical Security and/or Physical Security Standards. CPSA Employees are individuals who are employed by a CPSA Company and have satisfied all requirements to perform PCI Card Production Security Assessments as described in the CPSA Qualification Requirements.

 Internal Security Assessor (ISA) sponsor companies are organizations that have been qualified by the Council. The Council’s Internal Security Assessor Program provides an opportunity for employees of ISA sponsor companies to receive training and qualification, to improve their organization’s understanding of the PCI Data Security Standard (PCI DSS), facilitate the organization’s interactions with Qualified Security Assessors (QSAs), enhance the quality, reliability, and consistency of the organization’s internal PCI DSS self-assessments, and support the consistent and proper application of PCI DSS measures and controls. 

 Payment Application Qualified Security Assessor (PA-QSA) Companies are organizations that have been qualified by the PCI Security Standards Council to perform PA-DSS Assessments for PA-DSS Program purposes. PA-QSA Employees are individuals who are employed by a PA-QSA Company and have satisfied all PA-QSA Qualification Requirements applicable to employees of PA-QSA Companies who will conduct PA-DSS Assessments, as described in further detail in the PA-QSA Qualification Requirements. 

Organizations qualified by PCI SSC to validate P2PE Solutions and P2PE Components on behalf of P2PE Vendors are referred to as Qualified Security Assessor P2PE Companies (QSA (P2PE) Companies); Organizations qualified by PCI SSC to validate P2PE Applications on behalf of Vendors are referred to as Payment Application Qualified Security Assessor P2PE Companies (PA-QSA (P2PE) Companies). The quality, reliability, and consistency of a QSA (P2PE) Company and/or PA-QSA (P2PE) Company’s work provide confidence that the P2PE Solution, P2PE Component and/or P2PE Application has been validated for P2PE compliance

 Qualified PIN Assessor (QPA) Companies are security organizations that have been qualified by the Council to validate an entity's adherence to the PCI PIN Standard. QPA Employees are individuals who are employed by a QPA Company and have satisfied all requirements to perform PCI PIN Assessments as described in the QPA Qualification Requirements. 

 Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. QSA Employees are individuals who are employed by a QSA Company and have satisfied and continue to satisfy all QSA Requirements. 

 Software Security Framework (SSF) Assessor companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate a vendor's payment software and/or to evaluate a vendor's software lifecycle.

Secure Software Assessors are employed by an SSF Assessor Company and have satisfied and continue to satisfy all applicable requirements to perform Secure Software Assessments.

Secure Software Lifecycle (SLC) Assessors are employed by an SSF Assessor Company and have satisfied and continue to satisfy all applicable requirements to perform Secure SLC Assessments.