Payment Card Industry Qualified Security Assessor (PCI QSA) is a designation conferred by the PCI Security Standards Council on organizations that are qualified to perform PCI assessments and consulting services.
To qualify as a PCI QSA, a business must meet information security education standards, take training from the PCI Security Standards Council and renew certification annually.
A PCI QSA is hired as an impartial third party by organizations subject to the PCI Data Security Standard (PCI DSS) to conduct a PCI assessment or to advise the organization on how to achieve PCI compliance. During a PCI assessment, the QSA determines whether the organization has met the 12 requirements of PCI DSS, and can help evaluate the suitability of any compensating controls. The QSA then completes a Report on Compliance (ROC) to verify the organization’s compliance. The ROC is sent to the organization’s merchant bank, which then sends it to the appropriate credit card company for verification.
Black Hills Information Security is a PCI QSA company with a certified QSA on staff – this listing can be verified on the PCI Security Standards Council website.
BHIS can also help with self-assessment questionnaires (SAQs). An SAQ is an option for smaller organizations that don’t need a full Report on Compliance.