PCI SSF | A-LIGN
  • Services
    • Links
      • SOC ASSESSMENTS
        • SOC 1
        • SOC 2
      • ISO CERTIFICATIONS
        • ISO 27001
        • ISO 27701
        • ISO 22301
      • HEALTHCARE ASSESSMENTS
        • HITRUST
        • HIPAA
      • Federal Assessments
        • All Government
        • FedRAMP
        • StateRAMP
        • FISMA
        • CMMC
        • NIST 800-171
      • PCI Assessments
        • PCI DSS
        • PCI SSF
      • Cybersecurity
        • Penetration Testing
        • Ransomware Preparedness Assessment
        • Social Engineering
        • Vulnerability Assessment Service
      • Privacy
        • Data Protection Analysis
        • GDPR
      • Additional Services
        • Microsoft SSPA
        • CSA STAR
        • Business Continuity & Disaster Recovery
        • Limited Access Death Master File
    • FEATURED RESOURCES
      • SOC 2 Readiness Checklist

        SOC 2

        SOC 2 Compliance 2022 – The Complete Guide

        SOC 2

        A-SCEND: Compliance Management Platform

        A-SCEND

        The Ultimate Cybersecurity Guide

        Cybersecurity
  • Solutions
    • A-SCENDCompliance Automation Software
    • Integrations
    • SOC 2 Readiness Assessment
    • ISO 27001 Readiness Assessment
    • HIPAA Readiness Assessment
  • About Us
    • Our Company
    • Meet Our Team
    • Partners
    • Careers
  • Resources
  • A-SCEND Login
  • Careers
CONTACT US

PCI SSF

Build confidence with your customers by becoming PCI SSF compliant with a Secure Software Lifecycle Standard assessment and a Secure Software assessment.  

Need assurance that your payment application and payment software is secure? As a PCI SSF Qualified Security Assessor Company, A-LIGN can help you with any part of your PCI SSF compliance journey. 

Take the first step to becoming PCI SSF compliant and gain an edge over your competitors, close deals faster and win more business.  

Get Started
fedramp certified
About Services Why A-LIGN Resources

Provide Trust to Your Clients with PCI SSF Compliance

PCI SSF (Payment Card Industry Software Security Framework) is a security framework designed to help software vendors develop and distribute secure payment applications to their customers. PCI SSF provides a new approach to validating the security of traditional and future payment software and applications.

The PCI SSF assessment includes two components, the Secure Software Lifecycle (SLC) Standard and the Secure Software Assessment (SSA).  

It’s important to note that these two components are mutually exclusive, and while an organization may require an assessment of their payment applications developed and distributed to their customers through a Secure SLC assessment, it does not necessarily require a separate assessment of the entity’s software through an SSA assessment. 

The Benefits of PCI SSF Compliance:

  • Assures appropriate security and protection mechanisms are in place to secure your customer’s card data. 
  • Helps reduce the risk associated with penalties and data breach complications. 
  • Ensures better protection against security threats and adaptation to any changes in regulatory standards. 
  • Helps win new business from customers that require PCI SFF compliance. 
  • Provides your organization with inclusion in either the Validated Payment Software registry and/or the Secure SLC-Qualified Vendor registry. 

PCI SSF Services

Secure Software Life Cycle (SLC) Standard
Secure Software Assessment (SSA)

The Secure Software Life Cycle (SLC) Standard 

The PCI Secure SLC Standard defines a baseline of security requirements with corresponding assessment procedures and guidance for building secure payment applications. The Secure SLC Standard will aid your organization in building the necessary processes to help meet the Secure Software Assessment (SSA). This component of the PCI SSF assessment includes Penetration Testing to ensure any vulnerabilities in your payment apps and infrastructure can be identified, giving you confidence that all critical data is protected.

Our auditors will perform both on-site and remote testing procedures outlined by the PCI Security Standards Council. Testing procedures include, but are not limited to, interviewing and observing company personnel, inspecting evidence, and testing of Company’s controls to ensure compliance with PCI SSF Secure SLC Standard.  Completion results in:

  • Secure SLC Assessment Report on Compliance 
  • Secure SLC Attestation of Compliance 

The Secure Software Assessment (SSA) 

The PCI Secure Software Assessment is related to the PCI Secure SLC standard but focuses on the payment software itself as opposed to only the security controls associated with the development of the software. The Secure Software Assessment is a modular system and includes variable certification elements for different types of products as it relates to the security of the payment software itself.

Our auditors will perform both on-site and remote testing procedures outlined by the PCI Security Standards Council. Testing procedures include, but are not limited to, interviewing Company personnel, inspecting evidence, such as Company payment application development policies and procedures and related secure development records, observing Company personnel and testing of Company’s payment applications to ensure compliance with PCI SSF Secure Software Standard. Completion results in:

  • Secure Software Report on Validation (ROV)  
  • Secure Software Attestation of Validation (AOV) 

 

Why A-LIGN

1K+ PCI Assessments
Completed
97% Client Satisfaction
Rating
10+ Years of Experience
94% Client Retention

Related Services

PCI DSS

SOC 2

Penetration Testing

Get started with A-LIGN

Are you ready to start your compliance journey?  A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.

  • Services
  • Software
  • About Us
  • Board of Directors
  • Partners
  • Careers
  • Resources
  • A-SCEND Login
  • ISO Certificate Directory
  • Privacy Policy
  • Cookie Policy
  • Impartiality and Inquiries
  • Terms of Use
CONTACT US

Price and Associates CPAs, LLC dba A-LIGN ASSURANCE is a licensed certified public accounting firm registered with the Public Company Accounting Oversight Board (PCAOB). A-LIGN Compliance and Security, Inc. dba A-LIGN is a leading cybersecurity and compliance professional services firm.

A-LIGN 2023. All rights reserved.

  • Services
    • SOC ASSESSMENTS
      • SOC 1
      • SOC 2
    • ISO CERTIFICATIONS
      • ISO 27001
      • ISO 27701
      • ISO 22301
    • HEALTHCARE ASSESSMENTS
      • HITRUST
      • HIPAA
    • Federal Assessments
      • FedRAMP
      • StateRAMP
      • FISMA
      • CMMC
      • NIST 800-171
    • PCI DSS
    • Cybersecurity
      • Penetration Testing
      • Ransomware Preparedness Assessment
      • Social Engineering
      • Vulnerability Assessment Service
    • Privacy
      • Data Protection Analysis
      • GDPR
    • Additional Services
      • Microsoft SSPA
      • CSA STAR
      • Business Continuity and Disaster Recovery Plan Services
  • Solutions
    • A-SCENDAudit Automation and Compliance Software
    • Integrations
    • SOC 2 Readiness Assessment
    • ISO 27001 Readiness Assessment
    • HIPAA Readiness Assessment
  • About Us
    • Our Company
    • Meet Our Team
    • Partners
    • Careers
  • Resources
  • A-SCEND Login
  • Careers
CONTACT US