Dara Security

QSA Rotation

August 05, 2019

In our commitment to providing quality PCI Data Security Standard (PCI DSS) assessments, we support the recently raised best practice of Qualified Security Assessor (QSA) Rotation. Discussions within the assessor community have focused on driving quality in PCI DSS assessments, and the idea of rotating the QSA emerged as a best practice. The PCI Security Standards Council has embraced this best practice and encourages organizations to consider and explore this strategy.

QSA Rotation calls for an organization to change the QSA who has been routinely conducting the organization’s PCI DSS audit. A different assessor would bring a fresh perspective on the environment, diverse knowledge and skills, and different questions, all of which could yield a higher-quality assessment. QSA Rotation could also bring out potential issues that may have been overlooked by an assessor who is overly familiar with an environment through repeated audits.

With our team of QSAs, we are well-positioned to provide you with a different QSA from Dara Security should you decide to implement the QSA Rotation best practice for your organization. Our QSAs hold the industry’s highest certifications (CISA, CISSP, PCI QSA, PCI P2PE, and PCI QPA) and are ready to support your assessment needs.