Internal Security Assessor (ISA)™ Qualification
The Internal Security Assessor program teaches you how to perform internal assessments for your company and recommend solutions to remediate issues related to PCI DSS compliance. Assessors are sponsored by their companies, so when you receive this qualification you will be able to act as a liaison with external PCI auditors and manage interactions with a Qualified Security Assessor (QSA).
Course Highlights
Internal Security Assessor (ISA) training is a two-part program. The first is a five-hour prerequisite course and exam about PCI Fundamentals. It’s followed by an in-depth course (that can be taken via either instructor-led or online eLearning format) and exam.
Benefits of the course include:
- Understand the PCI DSS and how it can help protect your customer data and your business
- Define the processes involved in card processing and network segmentation
- Help your organization build internal expertise and assess its compliance with PCI Standards
- Enhance payment card data security and manage compliance costs
Candidates who successfully complete the prerequisite PCI Fundamentals course may move on to the ISA qualification course. This course builds on the knowledge gained in PCI Fundamentals and delves into the actual PCI DSS requirements, testing procedures, compliance reports and more. The Internal Security Assessor course covers:
- What is PCI and what does it mean to companies that must meet compliance with the DSS?
- Industry overview
- Terminology
- Transaction data flow
- Relationships between various organizations in the process
- How the credit card brands differ in their validation and reporting requirements
- PCI Data Security Standard (DSS)
- Overview of each requirement
- Testing procedures
- What constitutes compliance
- PCI Hardware and Communications Infrastructure
- PCI Reporting
- Overview of compliance issues and mitigation strategies
- Compensating controls
- Creating policies
- Modifying cardholder data environment
The instructor-led course includes case studies providing a simulation of assessment scenarios that may help you in solving common problems within your own payment environment. More information will be provided about the exam upon registration.
For those taking ISA training via eLearning, click here to locate a testing center near you.
Right for You?
Digital Badging
Schedule
Registration for 2025 trainings begins on 1 December.
-
5 Dec 2024 Closed
09:00-17:30 ET (14:00-22:30 UTC)
Virtual Instructor-Led (vILT)
-
3-4 Feb 2025
09:00-17:30 (local time)
Atlanta, GA
-
5-6 Mar 2025
09:00-17:30 (local time) This class will be conducted in Spanish
Mexico City, MX: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at romana.sturdikova@gmsectec.com
-
18-19 Mar 2025
09:00-17:30 (local time) This class will be conducted in Spanish
Madrid, Spain: Hosted by BOTECH FPI (dba Solver4). For pricing and registration, please contact Alberto Espana at aespana@botech.info
-
24-25 Mar 2025
09:00-17:30 (local time)
Phoenix, AZ
-
10 Apr 2025
09:00-17:30 ET (13:00-21:30 UTC)
Virtual Instructor-Led (vILT)
-
19-20 May 2025
09:00-17:30 (local time)
Glasgow, UK*
-
21-22 Jul 2025
09:00-17:30 (local time)
Denver, CO
-
23-24 Jul 2025
09:00-17:30 (local time) This class will be conducted in Spanish
Medellin, CO: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at romana.sturdikova@gmsectec.com
-
7 Aug 2025
05:00-13:30 ET (09:00-17:30 UTC)
Virtual Instructor-Led (vILT)
-
12-13 Aug 2025
09:00-17:30 (local time) This class will be conducted in Spanish
Dominican Republic Hosted by BOTECH FPI (dba Solver4). For pricing and registration, please contact Alberto Espana at aespana@botech.info
-
27-28 Aug 2025
09:00-17:30 (local time) This class will be conducted in Spanish
Santiago, CL: Hosted by 1stSecureIT (dba GM Sectec). For pricing and registration, please contact Romana Sturdikova at romana.sturdikova@gmsectec.com
-
9-10 Sep 2025
09:00-17:30 (local time)
Fort Worth, TX
-
15-16 Sep 2025
19:00-03:00 ET (23:00-07:00 UTC) This class will be simultaneously translated into Japanese. Please note that for participants in Japan, this class begins at 8:00 JST on 16 September.
Virtual Instructor-Led (vILT)
-
7-8 Oct 2025
09:00-17:30 (local time)
Amsterdam, NL*
-
30 Oct 2025
09:00-17:30 ET (13:00-21:30 UTC)
Virtual Instructor-Led (vILT)
-
3-4 Nov 2025
09:00-17:30 (local time)
Seattle, WA
-
18 Nov 2025
10:00-18:30 ET (15:00-23:30 UTC) This class will be conducted in Spanish
vILT Hosted by BOTECH FPI (dba Solver4). For pricing and registration, please contact Alberto Espana at aespana@botech.info
-
4 Dec 2025
05:00-13:30 ET (10:00-18:30 UTC)
Virtual Instructor-Led (vILT)
vILT (Virtual Instructor led) classes are a combination of eLearning and a live webinar.
* Pricing for these classes does not include VAT, HST, etc.
Prices
| Course | Price | As of 1 Jan 2025 |
| $3,720 USD | $4,000 USD | |
New ISA Training (In person or eLearning) Principal/Associate PO |
$1,890 USD | $2,000 USD |
Requalification ISA Training Non-PO |
$1,440 USD | $1,600 USD |
Requalification ISA Training PO |
$1,260 USD | $1,350 USD |
New ISA Exam Retake fee via Pearson VUE |
$185 USD | $200 USD |
Training class change fee |
$185 USD | $185 USD |
Please note: Unless otherwise specified the training and exam will be delivered in English.
Price does not include any applicable VAT/HST/GST which will appear on your invoice.
* Not including VAT
**Become a Participating Organization and SAVE up to 40% on ISA training fees. To learn about becoming a Participating Organization please click here.
Training Formats and Exam Information
New Training Offerings:
All offerings will include a 5-hour online prerequisite Fundamentals course followed by a 60-question multiple-choice exam. Three attempts to pass Fundamentals will be allowed.
- Instructor-led training (ILT): In-person, instructor-led classroom training with an exam to follow.
- Virtual Instructor-led training (vILT): Combination online training and instructor-led webinar with an exam offered via Pearson Vue within 30 days of webinar.
- eLearning: Self-paced computer-based training (CBT). You will have 90 days from the receipt of payment to complete all components of the training and the exam. The exam will be delivered via Pearson Vue.
- Please see Schedule tab for dates of ILT and vILT trainings
New Exam Specifics:
- All exams are closed book.
- Exam is 60 multiple choice questions with a 90-minute time limit.
- Results of in person exams are delivered within 10 business days.
- Results of Pearson Vue exams are delivered upon completion of the exam.
- 75% or higher to pass the exam; the only information that can be released concerning exams is your grade.
- If you fail the exam, you are allowed one retake (within 30 days of failure notice) for a fee.
Registration Process
Registrants must have significant relevant security audit and assessment experience (including but not limited to Network Security, Application Security and Consultancy, System Integration, and Auditing). A minimum of five years experience is recommended.
Complete and Submit an Application
ISA training candidates must be sponsored by their employer.
If your company is already an ISA sponsor, please request that your Primary Contact submit a training registration on your behalf through the ISA Portal.
If your company is not already an ISA sponsor, please refer to the ISA Qualification Requirements for a complete program description and requirements, and to confirm that both you and your organization are well suited for the program. Then follow the steps below:
- Submit ISA registration form
- Complete company application (Primary Contact will gain access to the online application on the PCI SSC secure portal only after the ISA registration form has been approved).
- Enroll professionals in ISA training (Primary Contact will have the ability to enroll professionals in ISA training through the portal only after the ISA Company application has been approved).
Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of ISA training request approval). For more information about the training fees, please see the ISA Training Pricing page.
How to Prepare for the Exam
Prior to beginning the PCI Fundamentals training, you should familiarize yourself with these publications on the PCI website:
The PCI Fundamentals online course must be completed prior to the start of your training class.
Requalification
Requalification Requirements
In order to maintain the high standards set for this certification, all ISA employees must re-certify every 12 months in order to continue as an Internal Security Assessor for their Sponsor Company. All ISA Program training attendees will be required to sign and accept the terms of the PCI SSC ISA Employee Certification form at the time they begin the online training.
Requalification specifics:
- Approved assessors are allowed to register for requalification training as early as 90 days prior to their expiration date. Once registered, they will receive immediate access to the eLearning training.
- Registration must be submitted no later than the candidate’s expiration date.
- Exam access is given no earlier than four (4) weeks prior to expiration date AND invoice is paid.
- An Assessor who is not registered for requalification training before midnight Eastern Time on their qualification expiration date, or who does not achieve a passing score on the exam by the end of their qualification period, will be required to re-enroll as a new candidate.
Requalification exam:
- Non-proctored remote exam
- 50 multiple choice questions with a 75-minute time limit.
- 75% or higher to pass the exam; the only information that can be released concerning exams is the grade.
- If you fail the exam, please have the primary contact email administration@pcisecuritystandards.org for the next steps.
