Under the new PCI Software Security Framework PCI SSC qualifies companies and their employees to perform assessments to the Secure SLC and Secure Software Standards
WAKEFIELD, Mass., 2 October 2019 — Today the PCI Security Standards Council (PCI SSC) launched a new assessor qualification program to support the PCI Software Security Framework (SSF), a collection of standards and programs for the secure design, development, and maintenance of payment software. Through the SSF Assessor Program, PCI SSC qualifies companies and their employees to assess vendors’ software lifecycle management practices and payment software products to the PCI Secure Lifecycle (Secure SLC) and Secure Software Standards.
“Software Security Framework Assessor qualification provides new opportunities for both existing and new assessors and offers great growth potential as the SSF expands in the future to support additional types of software,” said PCI SSC Senior Director of Certification Programs, Gill Woodcock.
Eligible organizations can apply now on the PCI SSC website to become SSF Assessor Companies. SSF Assessor Company qualification is open to any company that meets the Software Security Framework Assessor – Qualification Requirements including, but not limited to QSA Companies. Companies can qualify to perform Secure SLC assessments, Secure Software assessments, or both. In order to be listed as an SSF Assessor Company on the PCI SSC website, the company must have at least one employee successfully complete the Secure Software Assessor or Secure SLC Assessor training and exam. PCI SSC will begin accepting applications from SSF Assessor Company employees in November, and training will be available in early 2020.
Qualification requirements and program fees are available on the PCI SSC website now, and training course information will be published shortly. Learn more on the PCI Perspectives Blog: New Assessor Opportunity: PCI Software Security Framework.
The PCI Software Security Framework is a key discussion topic at the 2019 PCI Community Meetings. For more information and to register, visit: https://events.pcisecuritystandards.org.
About the PCI Security Standards Council
The PCI Security Standards Council (PCI SSC) leads a global, cross-industry effort to increase payment security by providing industry-driven, flexible and effective data security standards and programs that help businesses detect, mitigate and prevent cyberattacks and breaches. Connect with the PCI SSC on LinkedIn. Join the conversation on Twitter @PCISSC. Subscribe to the PCI Perspectives Blog.