Qualified Security Assessors

Qualified Security Assessor (QSA) companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate an entity’s adherence to PCI DSS. QSA Employees are individuals who are employed by a QSA Company and have satisfied and continue to satisfy all QSA Requirements.

Please note, the PCI Security Standards Council maintains an in-depth program for security companies seeking to be certified as Qualified Security Assessors, and to be re-certified as QSAs each year.

Certification and re-certification indicate only that the applicable QSA has successfully met all PCI Security Standards Council requirements to perform PCI DSS Assessments, and the PCI Security Standards Council does not endorse these security solution providers or their business processes or practices.

Although the PCI Security Standards Council strives to ensure that the list of Qualified Security Assessors linked to on this page is current, it is updated frequently and the Council cannot guarantee that the list is up-to-date at all times. Accordingly, each time a client engages a QSA, they are advised to check this list to ensure that its advisor has successfully maintained its status as a Qualified Security Assessor.

Read more

Let us know what you think

Your experiences with their service will help make the global team better!
Give Feedback

Find a Qualified Security Assessor Company

Filter by
Export List 
Company
Place of Business
Primary Contact
Regions
Languages
Supports
Associate QSA
 
* 'In Remediation' status indicates a determination by the Council, after Quality Assurance review, that a QSA organization has violated applicable QSA Validation Requirements. This status may result from failure to comply with any number of applicable QSA Validation Requirements. QSAs are notified when remediation is required, and QSAs listed as "In Remediation" may be actively seeking to remedy this status. For more about remediation please visit QSA Remediation Statement

** QSA Company has QSA(s) trained in PCI DSS v4 and qualified to perform PCI DSS v4 assessments.

For information about the status of a particular QSA, please contact that QSA.

*Servicing Markets Abbreviations
AP - Asia Pacific, CEMEA - Central Europe, Middle East, and Africa LAC - Latin America and the Caribbean