As introduced in August 2017, the PCI SSC will in 2019 increase the industry-recognized professional certifications requirement for QSAs from one industry certification to a minimum of two: one information security certification and one IT audit certification. To assist with this new requirement, ISACA is partnering with the PCI SSC to provide discounts on the non-member rate for its Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications.
Here we talk with PCI SSC Senior Director of Certification Programs Gill Woodcock and ISACA Director of Certification Kim Cohen to learn more about the new QSA industry-recognized professional certifications requirement, how ISACA certifications fit in, and how PCI SSC and ISACA are working together to help QSAs.
What do QSAs need to do to meet this new industry-recognized professional certifications requirement?
Gill Woodcock, PCI SSC: All QSAs qualifying after 1 January 2019 must have an industry certification in both Information Security and IT Audit. For QSAs qualified before 1 January 2019, this requirement will take effect upon requalification after 30 June 2019. This is outlined in the QSA Qualification Requirements.
How does this requirement benefit QSAs and the wider industry?
Gill Woodcock, PCI SSC: The PCI Council is focused on evolving the QSA program to ensure its sustainability and quality in a changing payment environment. The balance of information security and audit-related industry certification gives QSAs the best tools to meet the challenges they face.
What can you tell us about ISACA certifications and the value they offer to QSAs?
Kim Cohen, ISACA: Among ISACA’s key strengths are the enduring relevance of our globally accepted certifications and our respected training programs. The requirements and examinations are continuously reviewed and honed by the expertise of our 165,000+ strong worldwide community of information systems professionals. The award-winning CISA certification is recognized as affirming its holders as the most-qualified professionals in information systems audit, control, assurance and security. Likewise, the CISM certification acknowledges individuals who manage, design, oversee and assess an enterprise’s information security. The value of these certifications to QSAs goes far beyond checking the requirement box - they confirm their abilities to maintain the highest and most up-to-date knowledge, skills and standards of professionalism required of such trusted practitioners.
How is ISACA collaborating with PCI SSC to help QSAs meet the industry-recognized professional certifications requirement?
Kim Cohen, ISACA: First and foremost, our hope is to make sure that the new requirements are not overly burdensome to the assessor community. One way to make sure this is the case is by making it easy and affordable for those in the assessment community that may not yet have an audit certification to obtain one. The discount we are offering will hopefully allow this to be completed with minimal additional overhead (financially or in time invested) to complete the process. Likewise, we hope to help spread awareness to existing assessors about the requirement to help streamline the transition.
Where can QSAs learn more about how to take advantage of this ISACA offer?
Kim Cohen, ISACA: We have a dedicated page on the ISACA website that provides information on the offer and how to access the discounted rates for ISACA’s Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications. Organizations can click here to visit this page and access the offer.