Qualified Security Assessor (QSA) is a designation conferred by the PCI Security Standards Council to those individuals that meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of a Qualified Security Assessor (QSA) company approved PCI security and auditing firm,^[1] and will be performing PCI compliance assessments as they relate to the protection of credit card data.

This article relies excessively on references to primary sources. (August 2008)

The term QSA can be implied to identify an individual qualified to perform payment card industry compliance auditing and consulting or the firm itself. QSA companies are sometimes differentiated from QSA individuals by the initialism 'QSAC'.^[2]

The primary goal of an individual with the PCI QSA certification is to perform an assessment of a firm that handles credit card data against the high-level control objectives of the PCI Data Security Standard (PCI DSS).

Consultants holding the QSA certification must re-certify annually to ensure they are conversant with any changes to the PCI-DSS requirements and guidelines.