Companies that are required to undergo an audit and complete a Report on Compliance (ROC) for PCI DSS compliance should be assessed by an approved PCI QSA.
The right QSA can help identify and address security risks while meeting an organisation’s specific needs and budget. A good QSA is able to translate concepts into business terms, giving the company a firm grasp on the PCI requirements and the impact they may have on the business.
Selecting a QSA that has the right knowledge and experience will not only ensure that you achieve and maintain compliance with the PCI DSS; it will also give you the peace of mind that you are able to reduce your risks and control your costs on an ongoing basis.
A Qualified Security Assessor is a highly skilled security consultant who has been certified by the PCI Security Standards Council to validate an entity’s compliance with the PCI DSS and to guide an organisation through the PCI compliance requirements.
Below is a list of some of the QSAs that Aeriandi have worked with:
NCC Group is a global expert in cyber security and risk mitigation. They are accredited by the Payment Card Industry as a Qualified Security Assessor (QSA) and as a PCI Approved Scanning Vendor (ASV). With a global team of security consultants across 30 locations worldwide, they offer a range of PCI compliance services such as PCI penetration testing, auditing, consulting, scanning and reporting.
Dionach provide PCI DSS advice and consultancy, penetration tests and other assurance services. Dionach have PCI QSAs who can help you with reducing PCI DSS scope, practical ways to achieve compliance, assistance with your SAQ, and formal Reports on Compliance.
Formed in 2001, Coalfire is the world’s largest 100% independent QSA company and one of the first ever QSA companies. It is headquartered in Westminster, Colorado, with offices throughout the USA, Canada, Latin America and Europe. Coalfire is the largest PA-DSS assessor, one of the leading P2PE Application and Solution assessors, a PCI DSS ASV and a global PCI DSS QSA.
Industry-leading Qualified Security Assessors – 2Secs team of highly experienced information security professionals have been working with PCI DSS since it was introduced as version 1.0 in 2004. They cover the entire range of payment card compliance services including PA-DSS, P2PE, Penetration Testing, PCI DSS Training and Application Security. Their mission is to ‘simplify security’, so all their communication is clear and jargon-free.
Cipher is a top-tier PCI Qualified Security Assessor (QSA) and PCI Approved Scanning Vendor (ASV). They have over 10 years of experience working with merchants of all sizes, payment processors, service providers, card brands and acquiring banks. Their certified consultants are knowledgeable on all PCI DSS requirements, and can help you navigate the requirements, define the minimised scope, identify the processes you need to implement, as well as assess and maintain your PCI environment to ensure compliance.