Secure Software Lifecycle (Secure SLC)


Secure Software Lifecycle (Secure SLC)

The Secure Software Lifecycle (SLC) Standard offers security requirements for software vendors and developers to ensure security is integrated throughout the entire software lifecycle and that software is secure by design and able to withstand attack.

Implementing secure software lifecycle concepts helps software vendors and developers maintain secure software products throughout the software lifecycle (design, development, deployment, and maintenance).

Important Information


Intended Audience

Software vendors that develop software that is commonly deployed in a payment environment.


Secure Software Lifecycle (SLC) Standard Documents

Find all of the related documents in the PCI SSC Document Library.


Listings & Professionals

PCI SSC encourages merchants and service providers to use the PCI SSC listing in selecting a PCI-listed secure SLC qualified software vendor that meets their needs.

PCI Secure SLC Assessors are qualified and trained by PCI SSC to perform independent assessments against the PCI Secure SLC Standard and in accordance with the Secure SLC Program Guide.


Training Information

The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

Perform assessments of entities in accordance with the Secure Software Lifecycle Requirements and Assessment Procedures.

Knowledge Training courses are designed to bridge the knowledge gap between organizations and assessors by providing learning opportunities for individuals to take the same training and exam as the Assessor. Upon successful completion of training, learners will be given an acknowledgement of completion as well as the option to complete the exam and receive a digital badge.

Get your team trained together! We are pleased to offer all our PCI training programs as either in-person or remote Instructor-led eLearning. Learn directly from an instructor with hands-on experience in the field of payments security. Your organization will receive all the benefits of an instructor-led training class, at a time and place most convenient for you and your staff.

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.