QSA Role in Validating PCI DSS
The primary role of a QSA is to validate a merchant's compliance against the PCI DSS.
To achieve this, they must:
Validate the scope of the assessment.
Conduct PCI DSS assessments on merchant and service provider environments.
Verify all technical information given by the merchant or service provider.
Use independent judgement to confirm PCI DSS requirements have been met.
Be on-site for the duration of any relevant assessment procedure.
Review the work product that supports the assessment procedures.
Adhere to the PCI DSS Requirements and Security Assessment Procedures.
Select representative samples of business facilities and system components where sampling is employed.
Evaluate compensating controls.
Produce the final Report on Compliance.