PCI SSF

YOUR CERTIFICATION ACCORDING TO THE SOFTWARE SECURITY FRAMEWORK

REMOTE ASSESSMENTS

We are currently converting our on-site assessments into remote assessments wherever possible. Click here for our current FAQ on remote assessments.

Payment software providers can prove with certifications according to the Software Security Framework (SSF) that both their payment software and their development processes meet comprehensive and strict security standards to protect payment data. The SSF currently comprises two separate standards:

THE SECURE SOFTWARE STANDARD

in its current version concerns payment applications that store, process or transmit credit card data. Further additions, for example tailored to specific technologies, will be added in the future.

 

THE SECURE SOFTWARE LIFECYCLE STANDARD (SECURE SLC)

is an optional company certification, with which software manufacturers can prove that they have integrated comprehensive security measures into their complete software lifecycle.

YOUR CERTIFICATION PROCESS

HOW TO GET STARTED

SSF SCOPE WORKSHOP

We always start with a Scope Workshop, in which you receive a comprehensive introduction to the topic. The workshop provides information on the relevant certification scope and forms the basis for estimating the cost of the offer.

SSF GAP ANALYSIS

We recommend that you have an SSF Gap Analysis performed in addition to the Scope Workshop in order to be able to identify deviations from the standards in good time and correct them before the assessment.

YOUR TRANSITION FROM PA-DSS TO SSF


 

The SSF will completely replace the Payment Application Data Security Standard (PA-DSS), the current security standard for payment software issued by the PCI Security Standards Council, within the next few years.

Our experts will explain to you in detail what innovations you can expect from your SSF certification. We will be happy to help you through a smooth transition from PA-DSS to SSF.

Contact us