IBITGQ ISO 27001 qualifications now recognised by the PCI SSC

IBITGQ ISO 27001 Advanced-level qualifications are now acknowledged by the PCI Security Standards Council (PCI SSC) as approved qualifications contributing towards the requirements for an individual applying to become a PCI DSS Qualified Security Assessor (QSA).

These qualifications include:

ISO27001 Certified ISMS Lead Implementer (CIS LI)

ISO27001 Certified ISMS Lead Auditor (CIS LA)

ISO27001 Certified ISMS Internal Auditor (CIS IA)

PCI DSS QSA Qualification Requirements

Updated in February 2016, the PCI DSS Qualification Requirements for Qualified Security Assessors v2.1, states that each QSA employee performing or managing PCI SSC assessments must:

Possess at least one of the following accredited, industry-recognized professional certifications (possessing one certification from each list is recommended, but not currently required):

List A – Information Security

  • (ISC)2 Certified Information System Security Professional (CISSP)
  • ISACA Certified Information Security Manager (CISM)
  • Certified ISO 27001 Lead Implementer

List B – Audit

  • SACA Certified Information Systems Auditor (CISA)
  • GIAC Systems and Network Auditor (GSNA)
  • Certified ISO 27001, Lead Auditor, Internal Auditor
  • IRCA ISMS Auditor or higher (e.g., Auditor/Lead Auditor, Principal Auditor)

It also confirms that:

“Certified ISO 27001 courses should be accredited to the ISO/IEC 17024 standard. It is the responsibility of the QSA/candidate to ensure that the certifying body is accredited, and to provide evidence of accreditation to PCI SSC.”

IBITGQ qualifications

All of the IBITGQ qualifications are certified by gasq, which is fully accredited to the ISO/IEC 17024:2012 standard (Conformity assessment – General requirements for bodies operating certification of persons).

We are IBITGQ’s lead training development partner and Accredited Training Organisation (ATO) in the UK. Our training team delivers the ISO27001 ISMS Certified Lead Implementer, Lead Auditor and Internal Auditor training courses in the classroom or Live Online on a monthly basis.