The Internal Security Assessor (ISA) qualification was designed to help people perform internal audits for their own company and to build a list of items to fix as they relate to PCI DSS compliance. You should be sponsored by your company before registering for the official exam with the Security Council. This certification will enable you to act as a go-between for your company and external PCI auditors such as a Qualified Security Assessor (QSA).
The practice test consists of 60 multiple-choice questions, plus a second test with 20 bonus questions. Before taking the ISA exam with the Security Council, students will need to take and pass the online PCI fundamentals primer before completing the qualification course. The Security Council offers a 2-day course that will cover the PCI DSS requirements and what the Report on Compliance (ROC) entails. After completing the class, you can take the test; annual re-certification will be required, similar to the Qualified Security Assessor certification. Please refer to the PCI DSS Security Council website for more information regarding ISA training classes and exams.
- The PCI DSS Security Council recommends that you be an experienced internal auditor or someone who works in the Information Technology Security field.
- Familiarization with terms from the PCI DSS Glossary
- Familiarization with the PCI DSS requirement standard
- Familiarization with the PCI DSS Self-Assessment Questionnaire (SAQ)