Internal Security Assessor

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

Internal Security Assessor (ISA) is a designation given by the PCI Security Standards Council to eligible internal security audit professionals working for a qualifying organization. The intent of this qualification is for these individuals to receive PCI DSS training so that their qualifying organization has a better understanding of PCI DSS and how it impacts their company. Becoming an ISA can improve the relationship with Qualified Security Assessors and support the consistent and proper application of PCI DSS measures and controls within the organization. The PCI SSC's public website can be used to verify ISA employees.

An ISA is also able to perform self-assessments for their organization, as long as the organization is not a Level 1 merchant.

ISA training is only available for merchants and processors. Organizations are required to have an internal audit department and cannot be affiliated with a Qualified Security Assessor or Automated Scanning Vendor (ASV) company in any way.

Certificate Renewal

The ISA certification must be renewed annually. The ISA certification is company-specific. If the certified individual leaves the company that sponsored them, the certification is no longer valid.
