PCI SSFYOUR CERTIFICATION ACCORDING TO THE SOFTWARE SECURITY FRAMEWORK
Payment software providers can prove with certifications according to the Software Security Framework (SSF) that both their payment software and their development processes meet comprehensive and strict security standards to protect payment data. The SSF currently comprises two separate standards:
THE SECURE SOFTWARE STANDARD
in its current version concerns payment applications that store, process or transmit credit card data. Further additions, for example tailored to specific technologies, will be added in the future.
THE SECURE SOFTWARE LIFECYCLE STANDARD (SECURE SLC)
is an optional company certification, with which software manufacturers can prove that they have integrated comprehensive security measures into their complete software lifecycle.
HOW TO GET STARTED
SSF SCOPE WORKSHOP
We always start with a Scope Workshop, in which you receive a comprehensive introduction to the topic. The workshop provides information on the relevant certification scope and forms the basis for estimating the cost of the offer.
SSF GAP ANALYSIS
We recommend that you have an SSF Gap Analysis performed in addition to the Scope Workshop in order to be able to identify deviations from the standards in good time and correct them before the assessment.
YOUR TRANSITION FROM PA-DSS TO SSF
The SSF will completely replace the Payment Application Data Security Standard (PA-DSS), the current security standard for payment software issued by the PCI Security Standards Council, within the next few years.
Our experts will explain to you in detail what innovations you can expect from your SSF certification. We will be happy to help you through a smooth transition from PA-DSS to SSF.