The Internal Security Assessor (ISA) qualification was designed to help people perform internal audits of their own company and to build a list of remediation items as they relate to PCI DSS compliance. You must be sponsored by your company before registering for the official exam with the Security Council. This certification enables you to act as a liaison between your company and external PCI auditors such as a Qualified Security Assessor (QSA).
The practice test consists of 60 multiple-choice questions, plus a second test with 35 bonus questions. Before taking the ISA exam with the Security Council, students must take and pass the online PCI Fundamentals primer, and then complete the qualification course. The Security Council offers a 2-day course that covers the PCI DSS requirements and what the Report on Compliance (ROC) entails. After completing the class, you can take the exam; annual re-certification is required, similar to the Qualified Security Assessor certification. Refer to the PCI DSS Security Council website for more information on ISA training classes and exams.
The qualification process involves the following three primary steps (described further below):
1. Sponsor Company Qualification: The candidate organization must apply for qualification as a Sponsor Company. Applying for qualification requires submission of a complete Sponsor Company Application Package (defined in Section 1.2.1 below), including executed Sponsor Attestation. Sponsor Company qualification occurs once the above has been processed and the applicant has been notified by PCI SSC.
2. ISA Qualification: The process whereby employees of Sponsor Companies may be trained, tested, and ultimately qualified as PCI SSC-approved “Internal Security Assessors” or “ISAs.” ISA qualification is achieved through registration of the ISA candidate by the supporting Sponsor Company employer (by submitting a training request through the Portal), payment of applicable ISA Program training fees by the Sponsor Company (see Website for ISA Program Fees), successful completion of ISA training and examinations, and acceptance of the ISA Attestation by the ISA candidate through the Portal.
3. Annual Re-Qualification and Good Standing: To maintain “Good Standing,” a Sponsor Company must satisfy the requirements in Section 2.2, including but not limited to payment of applicable ISA training fees. To maintain “Good Standing,” an ISA must satisfy the requirements in Section 3.3, including but not limited to successful completion of all required ISA requalification training and exams.