Our Certifications

Trust ControlScan—your team of security and compliance experts.

Our experts hold the IT security certifications for preventing, detecting and responding to the everyday cyber threats you face.

ControlScan helps you cut through the complexity of securing sensitive data and achieving compliance by delivering support through experts who understand BOTH security and compliance, as well as how they relate to each other.

We’re committed to providing you with the highest quality team of experts in the industry, and we back that up by investing in their training and credentials. Below is just a partial list of security certifications that highlight our many areas of expertise.

ASV Approved Scanning Vendor

Approved Scanning Vendors (ASVs) are organizations that validate adherence to certain DSS requirements by performing vulnerability scans of Internet-facing environments of merchants and service providers.

As a company, ControlScan revalidates with the PCI Security Standards Council every year, and our ASV employees requalify annually, too. This means that we’re up to date on the very latest vulnerabilities. We’re also experts in scanning your Internet-facing environment and working with you to resolve any issues and achieve PCI compliance.

CISA Certified Information Systems Auditor

The CISA designation is a globally recognized certification for IS audit control, assurance and security professionals. Being CISA-certified showcases your audit experience, skills and knowledge, and demonstrates that you are able to assess vulnerabilities, report on compliance and institute controls within the enterprise.

We don’t stop at earning our QSA credentials; we support employees who seek the CISA certification, which further strengthens our auditing capabilities, skills and knowledge. It deepens our ability to provide a broader analysis of controls, risk and vulnerabilities within the enterprise.

Cisco Select Certified Partner

Cisco Select Certification recognizes and rewards partners that have achieved a Cisco Specialization. Cisco Select reflects a partner's technological and business expertise in a specific Cisco Technology.

As a Managed Security Services Provider (MSSP), ControlScan has selected Cisco technologies for some of its core solutions. To ensure expert implementation and support, we make sure that our support engineers and analysts are fully trained on those technologies, as demonstrated by our Cisco Select Certified Partner designation.

CISM Certified Information Security Manager

The CISM certification promotes international security practices and recognizes the individual who manages, designs, oversees and assesses an enterprise’s information security.

CISSP, CISM, and CISA certifications all represent a heavy investment in building employee capabilities related to IT security. The CISM certification promotes our understanding and utilization of international security practices in managing and assessing the security of your organization.

CISSP Certified Information Systems Security Professional

The CISSP® certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. It was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.

The CISSP certification is one of the most widely recognized credentials in the security arena. We have a large number of security-focused employees who have earned their CISSP by going through the body’s rigorous testing process. Our CISSPs stand ready to ensure the security of your business environment through better architecture, design, management and/or controls.


CRISC Certified in Risk and Information Systems Control

ISACA’s Certified in Risk and Information Systems Control (CRISC) certification is an enterprise risk management qualification, favored by professionals looking to build upon their existing knowledge and experience of IT/Business risk, identification and implementation of information system controls. The certification requires prerequisite skills such as the ability to manage the ongoing challenges of enterprise risk and to design risk-based information system controls.

CRISC is one of the foremost certifications to help IT professionals prepare for real-world threats, with appropriate tools to both evaluate and manage risk. ControlScan is proud to have multiple CRISC-certified professionals on our team.

C|EH Certified Ethical Hacker

A Certified Ethical Hacker has obtained a certification from the EC-Council in how to look for the weaknesses and vulnerabilities in target systems by using the same knowledge and tools used by real cyber criminals.

How do you combat an invisible enemy? We believe it starts by applying the same knowledge and tools used by real cyber criminals. The Certified Ethical Hacker (CEH) certification from the EC-Council proves that we know how to search and find the weaknesses and vulnerabilities in target systems.


CompTIA Linux+

CompTIA Linux+ Powered by LPI is a high-stakes, vendor-neutral certification that validates the fundamental knowledge and skills required of junior Linux administrators.

SMBs are increasingly adopting Linux as a core platform in their infrastructure. Our engineers pursue a CompTIA Linux+ certification to validate their knowledge and skills in the Linux arena, providing the assurance that we’re prepared to support you.

MCP Microsoft Certified Professional

Microsoft Certified Professional (MCP) is a certification that validates IT professional and developer technical expertise through rigorous, industry-proven, and industry-recognized exams. MCP exams cover a wide range of Microsoft products, technologies, and solutions.

Microsoft technologies have a dominant role in the IT infrastructures of most of our SMB customers. Our Microsoft Certified Professional (MCP) certification validates our technical expertise related to Microsoft infrastructure. Individuals with the certification have passed rigorous, industry-recognized exams and have strong experience with Microsoft products, technologies, and solutions.


Network+

The Network+ certification is an internationally recognized validation of the technical knowledge required of foundation-level IT network practitioners.

Technical security and compliance typically starts with the network. Our support engineers pursue a Network+ certification to validate the technical knowledge they have acquired as foundation-level IT network practitioners.

PA-QSA Payment Application Qualified Security Assessor

Payment Application Qualified Security Assessor (PA-QSA) Companies are organizations that have been qualified by the PCI Security Standards Council to perform PA-DSS Assessments for PA-DSS Program purposes. PA-QSA Employees are individuals who are employed by a PA-QSA Company and have satisfied all PA-QSA Qualification Requirements applicable to employees of PA-QSA Companies who will conduct PA-DSS Assessments.

ControlScan is a PA-QSA Company and provides application validation and consulting services to list your payment application with PCI and/or to evaluate and communicate the compliance scope impact of your software product to your market.

PCIP PCI Professional

The Payment Card Industry Professional (PCIP)™ is the base, entry level qualification for an individual and provides a solid foundation for future career progression to other PCI qualifications.

As the leader in assisting SMBs with PCI compliance, we encourage our broader organization—such as those in sales and support—to earn their PCIP. The certification ensures an organization-wide, base level understanding of the PCI DSS and its practical application in the SMB enterprise.

QPA Qualified PIN Assessor

Qualified PIN Assessor (QPA) Companies have been certified by the PCI Security Standards Council to validate an entity's adherence to the PCI PIN Standard. The PCI Security Standards Council maintains an in-depth program for companies and their employees seeking to be certified as QPAs, or re-certified as QPAs each year.

ControlScan is a QPA Company and maintains a staff of individuals who have satisfied all requirements to perform PCI PIN Assessments as described in the QPA Qualification Requirements. If you’re a merchant, acquiring participant, key injection facility (KIF), certificate authority (CA) or registration authority (RA), we can help streamline your next PIN assessment.

QSA Qualified Security Assessor

Qualified Security Assessor (QSA) is a designation conferred by the PCI Security Standards Council on individuals who meet specific information security education requirements, have taken the appropriate training from the PCI Security Standards Council, are employees of an approved PCI security and auditing firm that is a Qualified Security Assessor (QSA) company, and will be performing PCI compliance assessments as they relate to the protection of credit card data.

We are a Qualified Security Assessor (QSA) company with QSAs on staff and prepared to work with you on a variety of engagements. Our QSAs must requalify with the PCI Security Standards Council on an annual basis, demonstrating a continued accumulation of knowledge and experience in PCI DSS-related areas. As proven PCI experts, we are fully qualified to assist clients in achieving PCI compliance and performing formal PCI compliance assessments as they relate to the protection of credit card data.

QSA(P2PE) Qualified Security Assessor P2PE

Qualified Security Assessor P2PE Companies, or QSA(P2PE) Companies, are qualified by the PCI SSC to validate P2PE solutions and P2PE components on behalf of P2PE Vendors. The quality, reliability and consistency of a QSA(P2PE) Company’s work provides confidence that the P2PE Solution or Component has been validated for P2PE compliance.

Our internal QSA(P2PE) experts understand the importance and impact of using the latest payments encryption technologies, how this approach leads to a stronger security posture, and how that investment translates into specific efficiencies for maintaining PCI compliance. Whether you’re a merchant, solution provider or component developer, we’ve got your back.

Secure SLC Assessor

In contrast to a Secure Software (SSA) assessment, a Secure SLC assessor assesses your policies, processes and people to ensure that your software development lifecycle (SDLC) and ongoing support processes provide assurance that your applications are free from management oversights that could lead to attack.

ControlScan is one of the first certified PCI Software Security Framework (SSF) Secure Software Lifecycle (Secure SLC) Assessor Companies. With our time-tested audit methodology, consultative approach, and secure data collection platform, you can trust ControlScan to help your development team develop truly secure software and avoid the complexity of perpetual audits.

Secure Software Assessor

The launch of PCI’s Software Security Framework (SSF) program as the replacement for the PA-DSS program (which is set to retire in 2022) streamlines the process to support efficient and agile code releases and defend against constantly evolving security attacks. Secure Software Assessors (SSAs) are employed by an SSF Assessor Company and have satisfied and continue to satisfy all applicable requirements to perform Secure Software Assessments.

ControlScan is an SSF Assessor Company and maintains a staff of individuals who are qualified to test for both secure software lifecycle (Secure SLC) and Secure Software.


CompTIA Security+

The CompTIA Security+ certification verifies an individual’s knowledge in different areas of computer security such as cryptography and access control, as well as business-related topics such as disaster recovery and risk management.

Our support engineers leverage a broad array of security training and certifications. Our CompTIA Security+ certification represents an investment in training and certification in a variety of computer security topics that are highly relevant to PCI and HIPAA. It also covers business-related topics such as disaster recovery and risk management.