Help your organization build internal expertise and assess its compliance with the PCI Data Security Standard (PCI DSS) by becoming an Internal Security Assessor (ISA). The ISA Program provides an opportunity for eligible internal security audit professionals of qualifying organizations to receive PCI DSS training and certification that will improve the organization’s understanding of the PCI DSS, facilitate the organization’s interactions with Qualified Security Assessors (QSA), enhance the quality, reliability, and consistency of the organization’s internal PCI DSS self-assessments, and support the consistent and proper application of PCI DSS measures and controls.

Becoming an ISA involves a number of steps before signing up for training. Organizations interested in attending an upcoming ISA class must begin the application process in advance.

First, the interested organization must become qualified as an ISA Sponsor Company; then, the individual employees of the organization must receive training on how to validate and maintain ongoing PCI DSS compliance within their organizations. Follow the steps outlined below:



  • Refer to the ISA Qualification Requirements for complete program description and requirements and to confirm that both you and your organization are well suited for the program.


  • Submit ISA registration form.
  • Complete company application. Note: There is no fee to become an ISA Sponsor Company. The only applicable fees are training costs. (Primary Contact will gain access to the online application only after the ISA registration form has been approved by PCI SSC).
  • Enroll professionals in ISA training (Primary Contact will have the ability to enroll professionals in ISA training through the portal only after the ISA Company application has been approved).
  • Submit payment (training invoice will be emailed to Primary Contact within 3 business days of ISA training request approval). Acceptable forms of payment include: wire transfer, credit card, and check. Please note that all payments must be received in US dollars. Payment via check must be drawn on a US bank.
  • Training Price: $1,890 USD (PO rate) $3,720 USD (non-PO)


  • Upon acceptance of the training request, the primary contact will receive an email confirming enrollment and the trainee will receive instructions for completing the pre-requisite PCI Fundamentals online course.
  • Trainees must complete the pre-requisite course and pass the pre-requisite exam in order to attend the classroom training. Trainees receive three (3) attempts to pass the exam. After the third and final attempt, if the trainee does not receive a passing grade, he or she will be required to register for New ISA Training and pay the full course fee.
  • Following successful completion of the pre-requisite course, the PCI SSC will send an email confirming the trainee’s seat in the class and the class details (Date, time, location, etc.)


  • Once the application has been approved by the PCI SSC, and its designated ISA employees have attended and passed the ISA training, the ISA Sponsor Company will receive confirmation of acceptance into the program, and the ISA employees will each receive a Certificate of Qualification.
  • The ISA employees will be added to the Council’s database of certified ISA personnel, and the company may now perform its own security audits until the time comes to complete the annual Requalification training to maintain the certification.

footer.jpgWhen these steps are successfully completed, acceptance into the ISA program will be confirmed. Annual requalification of employees is required. Every 12 months the ISA employee must take the online requalification exam for a fee of $1,260 USD (PO rate) $1,440 USD (non-PO).

Please note that all documentation and responses must be in English.