Frequently Asked Questions

< Back to search page

Can I have the same assessor company or individual assessor perform a PCI DSS and PIN Assessment for our organization?

FAQ Response

An assessor that is listed as a QSA for PCI DSS and QPA for PCI PIN on the PCI SSC website may be eligible to perform both types of assessments, subject to meeting the requirements of both programs. However, while PCI SSC manages the PCI security standards and assessor programs, PCI compliance programs and validation requirements are defined and managed by the individual payment card brands. We recommend you contact the payment brands directly to discuss their individual compliance rules, validation criteria and processes, etc. Contact information for the payment brands can be found in FAQ #1142 titled, "How do I contact the payment brands?" on the PCI SSC website at https://www.pcisecuritystandards.org/faqs. 

September 2019
Article Number 1468