PCI SSF | A-LIGN

PCI SSF

Build confidence with your customers by becoming PCI SSF compliant with a Secure Software Lifecycle Standard assessment and a Secure Software assessment.  

Need assurance that your payment applications and payment software are secure? As a PCI SSF Qualified Security Assessor Company, A-LIGN can help you with any part of your PCI SSF compliance journey.

Take the first step to becoming PCI SSF compliant and gain an edge over your competitors, close deals faster and win more business.  


Provide trust to your clients with PCI SSF compliance

PCI SSF (Payment Card Industry Software Security Framework) is a security framework designed to help software vendors develop and distribute secure payment applications to their customers. PCI SSF provides a new approach to validating the security of traditional and future payment software and applications.

The PCI SSF assessment includes two components, the Secure Software Lifecycle (SLC) Standard and the Secure Software Assessment (SSA).  

It’s important to note that these two components are mutually exclusive: an organization may require a Secure SLC assessment of the payment applications it develops and distributes to its customers without necessarily requiring a separate assessment of its software through an SSA.

The benefits of PCI SSF compliance:

  • Assures appropriate security and protection mechanisms are in place to secure your customers’ card data.
  • Helps reduce the risk associated with penalties and data breach complications. 
  • Ensures better protection against security threats and adaptation to any changes in regulatory standards. 
  • Helps win new business from customers that require PCI SSF compliance.
  • Provides your organization with inclusion in the Validated Payment Software registry and/or the Secure SLC-Qualified Vendor registry.

PCI SSF services

Secure Software Life Cycle (SLC) standard
Secure Software Assessment (SSA)

The Secure Software Life Cycle (SLC) standard 

The PCI Secure SLC Standard defines a baseline of security requirements with corresponding assessment procedures and guidance for building secure payment applications. The Secure SLC Standard will aid your organization in building the necessary processes to help meet the Secure Software Assessment (SSA). This component of the PCI SSF assessment includes Penetration Testing to ensure any vulnerabilities in your payment apps and infrastructure can be identified, giving you confidence that all critical data is protected.

Our auditors will perform both on-site and remote testing procedures outlined by the PCI Security Standards Council. Testing procedures include, but are not limited to, interviewing and observing company personnel, inspecting evidence, and testing the Company’s controls to ensure compliance with the PCI SSF Secure SLC Standard. Completion results in:

  • Secure SLC Assessment Report on Compliance 
  • Secure SLC Attestation of Compliance 

The Secure Software Assessment (SSA) 

The PCI Secure Software Assessment is related to the PCI Secure SLC standard but focuses on the payment software itself as opposed to only the security controls associated with the development of the software. The Secure Software Assessment is a modular system and includes variable certification elements for different types of products as it relates to the security of the payment software itself.

Our auditors will perform both on-site and remote testing procedures outlined by the PCI Security Standards Council. Testing procedures include, but are not limited to, interviewing Company personnel; inspecting evidence, such as Company payment application development policies and procedures and related secure development records; observing Company personnel; and testing the Company’s payment applications to ensure compliance with the PCI SSF Secure Software Standard. Completion results in:

  • Secure Software Report on Validation (ROV)  
  • Secure Software Attestation of Validation (AOV) 

 

Why A-LIGN

  • 2k+ PCI assessments completed
  • 10+ years of experience
  • 96% client satisfaction rating


Get started with A-LIGN

Are you ready to start your compliance journey?  A-LIGN is ready to assist with any of your compliance, cybersecurity, and privacy needs.


Price and Associates CPAs, LLC dba A-LIGN ASSURANCE is a licensed certified public accounting firm registered with the Public Company Accounting Oversight Board (PCAOB). A-LIGN Compliance and Security, Inc. dba A-LIGN is a leading cybersecurity and compliance professional services firm.

A-LIGN 2025. All rights reserved.
