Certified Payment-Card Industry Security Auditor (CPISA) is an independent payments industry certification governed by the Society of Payment Security Professionals (commonly known as the SPSP). The CPISA focuses on information technology, information security, and auditing knowledge and skills. This certification is held by members from diverse backgrounds including Level 1 - 4 Merchants, Acquirers, Issuers, QSAs, Processors, Gateways, Service Providers, Consultants, and Auditors. All CPISA holders are members of the SPSP and also hold the CPISM certification.
Certification Knowledge Domains
The CPISA curriculum covers subject matter in a variety of Information Security and Payments Industry topics. The CPISA examination is based on what a collection of topics relevant to payment industry security professionals. The CPISA Knowledge Domains establishes a common framework of payment industry terms and definitions that allow security professionals to discuss and debate matters pertaining to the profession with a common understanding.
The CPISA Knowledge Domains are:[1]
Requirements
Candidates for the CPISA must meet several requirements:[1]
- First, join the Society of Payment Security Professionals
- Second, provide a resume with current credentials and two letters of reference from industry professionals. Candidates must also have at least three years of information security or payment industry experience.
- Third, one must pass the CPISM and CPISA exams
- Upon completion of the exams with a passing grade, the SPSP will issue the CPISA Certificate
Reference Documents
The SPSP provides several reference documents for studying and preparing for the CPISA certification: