Internal Security Assessors

Internal Security Assessor (ISA) sponsor companies are organizations that have been qualified by the Council. The Council’s Internal Security Assessor Program provides an opportunity for employees of ISA sponsor companies to receive training and qualification, to improve their organization’s understanding of the PCI Data Security Standard (PCI DSS), facilitate the organization’s interactions with Qualified Security Assessors (QSAs), enhance the quality, reliability, and consistency of the organization’s internal PCI DSS self-assessments, and support the consistent and proper application of PCI DSS measures and controls.

Please note, the PCI Security Standards Council maintains an in-depth program for companies seeking to be certified as Internal Security Assessors (ISA), and to be re-certified as ISAs each year.

Certification and re-certification indicates only that the applicable ISA has successfully met all PCI Security Standards Council requirements to perform PCI DSS Assessments, and the PCI Security Standards Council does not endorse this ISA provider or their business processes or practices.

Although the PCI Security Standards Council strives to ensure that the list of Internal Security Assessors linked to on this page is current, it is updated frequently and the Council cannot guarantee that the list is up-to-date at all times. It is advised to re-check this list to ensure that its advisor has successfully maintained its status as a Internal Security Assessor (ISA).

Read more

Verify an ISA Employee