Qualified Security Assessor – Frequently Asked Questions (FAQ)

What is a QSA Company?

Answer: Qualified Security Assessor (QSA) companies are organisations that have been qualified by the PCI SSC Council) to have their employees assess compliance to the PCI DSS standard. Qualified Security Assessors are employees of these organisations who have been certified by the Council to validate an entity’s adherence to the PCI DSS standards. And these Qualified Security Assessors must meet specific information security education requirements and have undertaken appropriate training and certification from the PCI Security Standards Council.

How do QSA Companies reach Certification?

Answer: Qualified Security Assessor (QSA) companies are organisations that have been qualified by the PCI SSC Council) to have their employees assess compliance to the PCI DSS standard. Qualified Security Assessors are employees of these organisations who have been certified by the Council to validate an entity’s adherence to the PCI DSS standards. And these Qualified Security Assessors must meet specific information security education requirements and have undertaken appropriate training and certification from the PCI Security Standards Council. The PCI Security Standards Council maintains an in-depth training program covering all new trends and technologies associated with payment and card data security for companies seeking to be certified as Qualified Security Assessors (QSAs), as well as to be re-certified as QSAs each year. Stickman Consulting is a listed QSA Company having expertise and capable record in assisting wide range of organisations with their PCI DSS Compliance.

Is Stickman Consulting a QSA Company?

Answer: YES – Stickman Consulting is a Qualified Security Assessor (QSA) company qualified by the PCI SSC Council where our QSA qualified employees assess compliance to the PCI DSS standard. Stickman Consulting Qualified Security Assessors are employees of Stickman Consulting who have been certified by the Council to validate an entity’s adherence to the PCI DSS standards. All of Stickman Consulting’s (QSA) Qualified Security Assessors must meet specific information security education requirements and have undertaken appropriate training and certification from the PCI Security Standards Council.https://www.stickman.com.au/servicesStickman Consulting QSA Services:Stickman Consulting QSA consultants perform a range of PCI Compliance services for our clients starting from PCI GAP Assessments, PCI Remediation, and card holder data scanning and network Scans, PCI Certification and other unique packaged services such as StickFigure which helps clients to complete Self Assessment Questionnaires (SAQ).

Is Stickman Consulting listed on the QSA Companies list?

Answer: YES – Stickman Consulting is a Qualified Security Assessor (QSA) company qualified by the PCI Security Standards Council and can be found under “Approved Companies and Providers” listed within the QSA Companies on the PCI SSC Council website.

What do PCI DSS Services Include?

Answer: Stickman Consulting QSA Services:

In Stickman Consulting QSA consultants perform a range of PCI Compliance services for our clients starting from PCI GAP Assessments, PCI Remediation, and Credit Card data scanning and network Scans, PCI Certification and other unique packaged services such as StickFigure which helps clients to complete Self Assessment Questionnaires (SAQ).

How do I reduce the scope of a PCI DSS assessment?

Answer: Network segmentation of, or isolating (segmenting), the cardholder data environment from the remainder of an entity’s network is strongly recommended as a method that may reduce the scope of a PCI DSS assessment. At a high level, adequate network segmentation isolates systems that store, process, or transmit cardholder data from those that do not. Network segmentation can be achieved through a number of physical or logical means, such as properly configured internal network firewalls, routers with strong access control lists, or other technologies that restrict access to a particular segment of a network. An important prerequisite to reduce the scope of the cardholder data environment is a clear understanding of business needs and processes related to the storage, processing or transmission of cardholder data. Restricting cardholder data to as few locations as possible by elimination of unnecessary data, and consolidation of necessary data, may require reengineering of long-standing business practices. Documenting cardholder data flows via a dataflow diagram helps fully understand all cardholder data flows and ensures that any network segmentation is effective at isolating the cardholder data environment. The adequacy of a specific implementation of network segmentation is highly variable and dependent upon a number of factors, such as a given network’s configuration, the technologies deployed, and other controls that may be implemented. You should be validating the scope of your cardholder data environment as part of your annual PCI DSS assessment process, including validation of any network segmentation.

Talk to a consultant

Companies who made the smart decision to be safe, secure and compliant with Stickman