||This article has multiple issues. Please help improve it or discuss these issues on the talk page.
The Payment Card Industry (PCI) Qualified Security Assessor (QSA) designation is conferred by the PCI Security Standards Council to those individuals that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of a Qualified Security Assessor (QSA) company Approved PCI Security and Auditing Firm, and will be performing PCI compliance assessments as they relate to the protection of credit card data.
The term QSA can implied to identify an individual qualified to perform PCI compliance auditing and consulting or the firm itself.
The primary goal of an individual with the PCI QSA certification is to perform an assessment of a firm that handles credit card data against the high-level control objectives of the PCI Data Security Standard (PCI DSS). There are different levels of auditing and reporting requirements, but the twelve high-level control objectives, and corresponding sub-requirements, of the PCI Data Security Standard are required to be met either directly or through a compensating control. Requirement 3.2 prohibits the storage of track data and does not allow for compensating controls. Compensating controls are not always allowed and must be approved on a case-by-case basis.