PCI Security Standards Council statement on revoking QSA and PA-QSA status of Chief Security Officers (CSO)

PCI Security Standards Council statement on revoking QSA and PA-QSA status of
Chief Security Officers (CSO)


August 03, 2011

Effective immediately, the PCI Security Standards Council (PCI SSC) has revoked the Qualified Security
Assessor (QSA) and Payment Application Qualified Security Assessor (PA-QSA) status of Chief Security
Officers, LLC (“CSO”), and CSO has been removed from the Council’s lists of approved service providers.

The Council requires all QSAs and PA-QSAs to participate in a clearly defined quality assurance program
focused on ensuring the consistency, credibility, competency and professional ethics of their services. The
change in CSO’s status occurs as a result of CSO’s failure to satisfy the high standard set forth for QSAs
and PA-QSAs by the Council and reflected in relevant agreements and supporting validation requirements.

This necessary action upholds the Council’s commitment to maintaining a pool of consistent, high quality
assessment providers and listing of validated payment applications for merchants and vendors to use
confidently.

Organizations should continue to consult the Council’s validated payment applications listing as the
resource for information on PA-DSS compliant applications.

Further information on this change in status can be found in this related FAQ.

***