Frequently Asked Question

What is the process to initiate a software evaluation to the PCI Secure Software Standard?

Vendors that want to have their software assessed to the PCI Secure Software Standard initiate the process by engaging a qualified Secure Software assessor from the PCI SSC list of Software Security Framework Assessors.

A detailed overview of the assessment process, including roles and responsibilities, is provided in the Secure Software Program Guide available in the Document Library.

See also the following FAQs:
FAQ 1539: Who is qualified to perform assessments to the PCI Secure Software Standard?
FAQ 1540: What software is eligible for validation to the PCI Secure Software Standard?

Originally published: November 2021
Article Number: 1538

Featured FAQ Articles