PCI SSF

Your certification according to the Software Security Framework.

Payment software providers can prove with certifications according to the Software Security Framework (SSF) that both their payment software and their development processes meet comprehensive and strict security standards to protect payment data. The SSF currently comprises two separate standards:

The Secure Software Standard

in its current version concerns payment applications that store, process or transmit credit card data. Further additions, for example tailored to specific technologies, will be added in the future.

The Secure Software Lifecycle Standard (Secure SLC)

is an optional company certification with which software manufacturers prove that they have integrated comprehensive security measures into the entire software lifecycle.

Your certification process

Kick-off

Introduction to the Software Security Framework. In a Scope Workshop, we discuss with you which of your applications or development processes are relevant for the certification you are aiming for. Any immediately recognizable deviations from the requirements of the SSF standards are identified at this stage.

Preparation

In preparation for your certification, we check compliance with the requirements of the SSF standards with the aid of a Gap Analysis. This gives you the opportunity to detect existing deviations in the software and in the relevant processes for development, testing, deployment and support, as well as in the associated documentation, at an early stage and to correct them before the official certification is granted.

In addition, we offer to test your application or your systems with a Pentest for technical weak points and vulnerabilities. Our experts train your software developers and those responsible for quality assurance in secure software development.

Certification

The on-site assessment itself is the formal process in which accredited auditors check your company’s processes and applications within the scope for compliance with the requirements of the SSF standards.

The results of the on-site assessment are documented, including any necessary recommendations for action. You then correct any documented deviations from the SSF standards. Your corrections are subsequently reviewed by your auditor, who at the same time produces the official assessment report.

Once you have given your go-ahead, the report is sent to the PCI Council for review. After approval by the PCI Council, you will receive a certificate issued by your assessor and a seal of approval which you can embed on your website.


Compliance

After your successful certification, we support you in the ongoing maintenance of your compliance. We will discuss relevant changes at your company or changes to the security standard itself and discuss the resulting measures to maintain your compliance.

How to get started

SSF scope workshop

We always start with a Scope Workshop, in which you receive a comprehensive introduction to the topic. The workshop provides information on the relevant certification scope and forms the basis for estimating the cost of the offer.

SSF Gap Analysis

We recommend that you have an SSF Gap Analysis performed in addition to the Scope Workshop in order to be able to identify deviations from the standards in good time and correct them before the assessment.

Learn more about PCI SSF

Our webinar covered an introduction to the new PCI Software Security Framework as well as a basic understanding of the respective standards and the changes and possibilities for affected businesses.

Our expert’s opinion on the Software Security Framework

Contact


Please contact us with any questions or queries.

Phone: +49 6102 8631-190
Email: sales@usd.de


Benedikt Krümmel
usd Technical Sales Consultant,
PCI Professional