PCI SSC unveils new assessor qualification program

The PCI Security Standards Council (PCI SSC) launched a new assessor qualification program to support the PCI Software Security Framework (SSF), a collection of standards and programs for the secure design, development, and maintenance of payment software.

Through the SSF Assessor Program, PCI SSC qualifies companies and their employees to assess vendors’ software lifecycle management practices and payment software products to the PCI Secure Lifecycle (Secure SLC) and Secure Software Standards.

“Software Security Framework Assessor qualification provides new opportunities for both existing and new assessors and offers great growth potential as the SSF expands in the future to support additional types of software,” said PCI SSC Senior Director of Certification Programs, Gill Woodcock.

Eligible organizations can apply now on the PCI SSC website to become SSF Assessor Companies. SSF Assessor Company qualification is open to any company that meets the Software Security Framework Assessor – Qualification Requirements including, but not limited to QSA Companies.

Companies can qualify to perform Secure SLC assessments, Secure Software assessments, or both. In order to be listed as an SSF Assessor Company on the PCI SSC website, the company must have at least one employee successfully complete the Secure Software Assessor or Secure SLC Assessor training and exam.

PCI SSC will begin accepting applications from SSF Assessor Company employees in November, and training will be available in early 2020.