PCI SSF
Drive trust with PCI SSF, a modern approach to compliance.
PCI SSF enables secure, compliant innovation across the entire payment software development lifecycle with two modular, tailored assessments.
Secure, compliant payment software from end to end
PCI SSF (Payment Card Industry Software Security Framework) is a security framework designed to help software vendors develop and distribute secure payment applications to their customers. PCI SSF provides a new approach to validating the security of traditional and future payment software and applications.
The PCI SSF assessment includes two components, the Secure Software Lifecycle (SLC) Standard and the Secure Software Assessment (SSA).
- The Secure Software Lifecycle Assessment (SSLC) evaluates the security of the application development process
- The Secure Software Assessment validates the security of the application itself
The benefits of PCI SSF compliance:
- Ensures appropriate security and protection mechanisms are in place to secure your customer’s card data
- Helps reduce the risk associated with penalties and data breach complications
- Ensures better protection against security threats and adaptation to any changes in regulatory standards
- Helps win new business from customers that require PCI SFF compliance
- Provides your organization with inclusion in either the Validated Payment Software registry and/or the Secure SLC-Qualified Vendor registry
PCI SSF services
The Secure Software Life Cycle (SLC) standard
The PCI Secure SLC Standard defines a baseline of security requirements with corresponding assessment procedures and guidance for building secure payment applications. The Secure SLC Standard will aid your organization in building the necessary processes to help meet the Secure Software Assessment (SSA). This component of the PCI SSF assessment includes Penetration Testing to ensure any vulnerabilities in your payment apps and infrastructure can be identified, giving you confidence that all critical data is protected.
Our auditors will perform both on-site and remote testing procedures outlined by the PCI Security Standards Council. Testing procedures include, but are not limited to, interviewing and observing company personnel, inspecting evidence, and testing of Company’s controls to ensure compliance with PCI SSF Secure SLC Standard. Completion results in:
- Secure SLC Assessment Report on Compliance
- Secure SLC Attestation of Compliance
The Secure Software Assessment (SSA)
The PCI Secure Software Assessment is related to the PCI Secure SLC standard but focuses on the payment software itself as opposed to only the security controls associated with the development of the software. The Secure Software Assessment is a modular system and includes variable certification elements for different types of products as it relates to the security of the payment software itself.
Our auditors will perform both on-site and remote testing procedures outlined by the PCI Security Standards Council. Testing procedures include, but are not limited to, interviewing Company personnel, inspecting evidence, such as Company payment application development policies and procedures and related secure development records, observing Company personnel and testing of Company’s payment applications to ensure compliance with PCI SSF Secure Software Standard. Completion results in:
- Secure Software Report on Validation (ROV)
- Secure Software Attestation of Validation (AOV)
Why A-LIGN
A-LIGN is a long-standing, trusted compliance partner with deep expertise in the payments industry. A-LIGN has leveraged over 20 years of experience to develop a unique, proactive, quality-first approach that balances rigor with client goals, timelines, and resource availability.
Get started with A-LIGN
Are you ready to start your compliance journey? A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.