PCI Security Standards Council®

Card Production Security Assessor (CPSA) Qualification

The instructor led Card Production Security Assessor classes teach you how to perform assessments of entities in accordance with the PCI Card Production and Provisioning Standards. There are two classes available to cover both the physical and logical security requirements that may be required as part of a Card Production Assessment.

Logical Assessor training will cover systems, business processes, and activities associated with card production and provisioning such as Cryptographic Key Management, EMV data preparation, pre-personalization, magnetic stripe and IC personalization, PIN generation and/or printing, and fulfillment.

Physical Assessor training will cover the physical security controls of entities that perform any or all of the following activities:

Manufacture of payment cards and other EMV chip-based payment products

Magnetic stripe personalization

Chip pre-personalization

Chip embedding

EMV, data-preparation

OTA Provisioning

HCE provisioning

PIN Generation and/or Printing

Fulfillment

Registration Process

In order to attend PCI Card Production Security Assessor training for certification, you must be a full-time employee of an active CPSA Company. Please see the Qualification Requirements for Qualified Card Production Security Assessors for more details.

Step 1 - Review

Refer to the CPSA Qualification Requirements for a complete description of the program and its requirements, and to confirm that you are a suitable candidate for the program. Then complete the CPSA registration form online (see step 2).

Step 2 - Apply

Complete the online application form through PCI SSC’s secure portal. Application requirements include:

  • Submit CPSA registration form  
  • Complete company application (Primary Contact will gain access to the online application only after the CPSA registration form has been approved by PCI SSC).
  • Enroll professionals in CPSA training (Primary Contact will have the ability to enroll professionals in CPSA training through the portal only after the CPSA Company application has been approved).
  • Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of CPSA training request approval). For more information about the training fees, please see the CPSA Training Pricing page.

Step 3 - Train

Upon receipt of payment the primary contact will receive the location details for the instructor-led class.

Step 4 - Enrollment

Once the application has been approved by the PCI Security Standards Council, and its designated CPSA employees have attended and passed the CPSA training, the CPSA Company will receive confirmation of acceptance into the program, and the CPSA employees will each receive a Certificate of Qualification. The CPSA employees will be added to the Council's database of certified CPSA personnel, and the company may now perform its own security audits until the time comes to complete the annual Requalification training to maintain the certification.

Course Details

Benefits
  • Support client’s ongoing security and compliance efforts through your knowledge of the PCI Card Production and Provisioning Logical Security Standard
  • Gain recognition of your professional achievement with this industry credential
  • Expand your knowledge in securing the payments chain with an in depth look at how a card production entities systems, key management, and security procedures must meet the PCI Standard.
  • Be included in a searchable directory on the PCI website
  • Earn Continuing Professional Education (CPE) credits that can be used to maintain your PCI Certifications and may be recognized by other Professional Bodies.
Overview

The PCI Card Production and Provisioning Logical Security Standard provides a set of security requirements and assessment procedures for performing PCI Card Production Logical Security Assessments. The logical Standard training is comprised of a two-day instructor-led course and exam.

The Card Production Assessor logical security training covers the PCI Card Production and Provisioning Logical Security Requirements and Testing Procedures (PCI Card Production and Provisioning Logical Security Standard). Candidates will learn how to:

  • Validate and confirm the scope of the Card Production Environment as defined by the assessed entity
  • Select employees, facilities, systems, and system components accurately representing the assessed environment if sampling is employed.
  • Apply independent judgement about whether the assessed entity meets the PCI Card Production and Provisioning Logical Security Standard.
  • Effectively use the PCI Card Production and Provisioning ROC Reporting Template to produce PCI Card Production and Provisioning Logical Security Reports on Compliance.
  • Validate and attest to an entity’s PCI Card Production and Provisioning Logical Security Standard compliance status.
  • Conduct follow-up assessments as needed
  • Learn how to complete the PCI Card Production and Provisioning ROC and PCI Card Production and Provisioning AOC documentation required for submission following completion of an assessment.
How to Prepare

Prior to taking the CPSA Logical Security training and exam, candidates should familiarize themselves with information regarding the PCI Card Production and Provisioning Logical Security Standard, the CPSA program, and all other supporting documents available on the PCI Website Document Library.

Class Schedule
Upcoming Courses

Instructor-led classes are available in locations worldwide. Attend instructor led training (ILT) with a view to becoming a Qualified CPSA or attend for informational purposes only. Details on informational training can be found here.

2020 Classes for New Card Production Security Assessors

Date/Time
Location
Certification Training
CPSA Logical Training
Date/Time: 13-14 Jul
09:00-17:30
Location: Portland, OR
CANCELED
Certification
Training:
$2,750 USD
CANCELED
Date/Time: 3-4 Aug
09:00-17:30
Location: Amsterdam, NL*
CANCELED
Certification
Training:
$2,750 USD
CANCELED
CPSA Physical Training
Date/Time: 7-Jul
09:00-17:30
Location: Portland, OR
CANCELED
Certification
Training:
$1,375 USD
CANCELED
Date/Time: 5-Aug
09:00-17:30
Location: Amsterdam, NL*
CANCELED
Certification
Training:
$1,375 USD
CANCELED
Please note: All fees are NON-REFUNDABLE and NON-TRANSFERABLE. The training and exam will be delivered in English.

* price does not include any applicable VAT/HST/GST which will appear on your invoice.

Informational Training

For more information and to register for Informational training, please click here.

Prices

Fee Category
Fee
Fee Category CPSA Company Fee
Fee: $7,500 USD
Fee Category Logical ILT 2-days
Fee: $2,750 USD
Fee Category Physical ILT 1 day
Fee: $1,375 USD
Fee Category Both ILT trainings
Fee: $3,500 USD
Fee Category Physical Requalification
Fee: $1,095 USD
Fee Category Logical Requalification
Fee: $1,650 USD
Fee Category Physical and Logical Requalification
Fee: $2,100 USD
Fee Category Logical ILT 2-days Informational Training
Fee: $2,000 USD
Fee Category Physical ILT 1-day Informational Training
Fee: $1,000 USD
Please note: Unless otherwise specified, all fees are in US Dollars. All course fees are NON-TRANSFERABLE and NON-REFUNDABLE.

Requalification Requirements

In order to maintain the high standards set for this qualification, all CPSAs must requalify every year to continue to maintain their status and be listed on the PCI website.

Requalification requirements help ensure that CPSAs remain current with technical and industry changes and demonstrate professionalism. To maintain active qualification status, CPSAs must:

  • Abide by the PCI SSC Code of Professional Responsibility
  • Meet the Continuing Professional Education (CPE) requirements:
    • There is no requirement for CPSA Logical Assessors to report CPEs to PCI
  • CPSA (Physical Assessor with no industry certifications) 10 CPE credits per year and a minimum of 30 CPE credits over a rolling three-year period
  • Download the current version of the CPE Maintenance Guide
  • Training provided by PCI SSC will count towards the annual CPE hours

Requalification Process

The Council emails courtesy reminders 90 days in advance of your qualification expiry date. To complete the requalification process, the required CPE hours and a requalification registration must be submitted prior to the expiry date and a passing score must be achieved on the exam no later than 14 days after the expiry date.

  • For your convenience, CPE hours can be tracked and stored in the PCI portal at any time (if required). All required CPE hours must be input prior to requalification
  • Once the required number of CPE hours has been recorded, select a requalification option and submit your registration
  • An invoice will be emailed within 2-3 business days
  • You will receive an email containing instructions and credentials to complete the requalification exam within 2 business days of payment processing
  • Once you successfully pass the exam, a new certificate will be emailed, and you’ll be listed on the PCI website as a CPSA for another year

Right for you?

If you want to:
  • Learn more about the Card Production and Provisioning Logical Security Standard.
  • Learn more about the Card Production and Provisioning Physical Security Standard.
  • Perform PCI CPSA Assessments and validate an organization’s compliance status.

Download Case Studies

View Bit9 Case Study
View Excentus Case Study

Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.

Powered By OneLink