Build internal PCI Security Standard Expertise and Strengthen your approach to data security and compliance efficiency
Which Regulations Matter for Your Organization?
Large merchants, acquiring banks and processors may want to consider the PCI SSC (Payment Card Industry Security Standards Council) Internal Security Assessor (ISA) Program as a means to build their internal PCI Security Standards expertise, strengthen their approach to payment data security, and increase their efficiency in complying with data security standards. The ISA Program provides an opportunity for eligible internal security audit professionals of qualifying organizations to receive PCI DSS training and certification that will improve the organization’s understanding of the PCI DSS, facilitate the organization’s interactions with QSAs, enhance the quality, reliability, and consistency of the organization’s internal PCI DSS self-assessments, and support the consistent and proper application of PCI DSS measures and controls.
What to know about the ISA Program:
There is a multi-step procedure for participation in the ISA Program. First, the interested organization must become qualified as an ISA Sponsor Company; then, the individual employees of the organization must receive training on how to validate and maintain ongoing PCI compliance within their organizations. When these steps are successfully completed, acceptance into the ISA program will be confirmed. Annual re-qualification of employees is required.
What You Need to Do - and How MDS Can Help:
Follow the steps below to become ISA compliant. MDS can help you with these regulations and the application process. We will do the heavy lifting so you don’t have to.
Step 1 - Review
Refer to the ISA Qualification Requirements for complete program description and requirements and to confirm that both you and your organization are well suited for the program.
Step 2 - Apply
Complete the online application form through PCI SSC’s secure portal. Application requirements include:
- Submit ISA registration form
- Complete company application (Primary Contact will gain access to the online application only after the ISA registration form has been approved by PCI SSC).
- Enroll professionals in ISA training (Primary Contact will have the ability to enroll professionals in ISA training through the portal only after the ISA Company application has been approved).
- Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of ISA training request approval). For more information about the training fees, please see the ISA Training Pricing page.
Step 3 - Train
Upon receipt of payment, the designated primary contact will receive instructions for the online prerequisite portion of the training. Once the PCI Fundamentals training and exam have been passed successfully, the primary contact will receive the location details for the instructor-led class or login credentials for the eLearning class. This will not be released until online PCI Fundamentals training has been taken and the exam passed.
Step 4 - Enrollment
Once the application has been approved by the PCI Security Standards Council, and its designated ISA employees have attended and passed the ISA training, the ISA Sponsor Company will receive confirmation of acceptance into the program, and the ISA employees will each receive a Certificate of Qualification. The ISA employees will be added to the Council’s database of certified ISA personnel, and the company may now perform its own security audits until the time comes to complete the annual Requalification training to maintain the certification.
Building out and maintaining your IT ecosystem doesn’t have to be a do-it-yourself project. MDS can help identify network issues, configure devices, and optimize your infrastructure to maximize efficiency and performance. Our consultants are highly trained technology specialists that understand the complexities of multi-vendor environments and have the knowledge and skills to help your business become more agile, customer-focused and operationally efficient.