Software Security Framework Assessors

Software Security Framework (SSF) Assessor companies are independent security organizations that have been qualified by the PCI Security Standards Council to validate a vendor's payment software and/or to evaluate a vendor's software lifecycle.

Secure Software Assessors are employed by an SSF Assessor Company and have satisfied and continue to satisfy all applicable requirements to perform Secure Software Assessments.

Secure Software Lifecycle (SLC) Assessors are employed by an SSF Assessor Company and have satisfied and continue to satisfy all applicable requirements to perform Secure SLC Assessments.

The PCI Security Standards Council maintains an in-depth program for companies and their employees seeking to be certified as SSF Assessors, or re-certified as SSF Assessors each year.

Certification and re-certification indicate only that the applicable Assessor has successfully met all PCI Security Standards Council requirements to perform Secure SLC and/or Secure Software assessments. The Council does not endorse these providers or their business processes or practices.

Although the PCI Security Standards Council strives to ensure that the list of SSF Assessors on this page is accurate, the list is updated frequently, and the Council cannot guarantee that the list is current at all times. Accordingly, clients are advised to check this list regularly to ensure that Assessors have successfully maintained their status as SSF Assessors.

Read more

Let us know what you think

Your experiences with their service will help make the global team better!
Give Feedback
Search by:
Company
Employee

Verify an SSF Assessor Company Employee

 

Find an SSF Assessor Company

Filter by
Export List 
Company
Place of Business
Primary Contact
Regions
Languages
Assessment Type
 
* 'In Remediation' status indicates a determination by the Council, after Quality Assurance review, that an SSF Assessor Company has violated applicable PCI SSF Assessor Qualification Requirements. This status may result from failure to comply with any number of applicable PCI SSF Assessor Qualification Requirements. SSF Assessor Companies are notified when remediation is required, and SSF Assessor Companies listed as "In Remediation" may be actively seeking to remedy this status. For more about remediation please visit SSF Company Remediation Statement.

For information about the status of a particular SSF Assessor Company, please contact that company.

*Servicing Markets Abbreviations
AP - Asia Pacific, CEMEA - Central Europe, Middle East, and Africa, LAC - Latin America and the Caribbean