Schellman listed as one of the first PCI Software Security Framework Assessors

Schellman listed as one of the first PCI Software Security Framework Assessors

Recently, Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor. As the newest application security framework published by the PCI SSC, the SSF provides an objectives-based approach to assessing the design, development, testing, and maintenance of software that handles payment card data.

The framework itself contains two standards:

  • The Secure Software Lifecycle Standard – An interview and document-based assessment that focuses on software development and security practices.
  • The Secure Software Standard – Application security testing by the assessor that requires code reviews, forensic analysis, and the use of static and dynamic code analysis tools.

PCI practice director Jacob Ansari says,

“After working with the PCI SSC for several years to help develop this framework, we’re happy to see the framework fully realized and look forward to working with our clients to comply with these standards.”

Overview of PCI SSF

For information about the PCI SSF, please contact

About the Author

Jacob Ansari

Jacob Ansari is the Security Advocate at Schellman, where he leads the firm's security best practices advocacy. Jacob develops and leads educational efforts on security practices, emerging and extant threats, and related industry developments for both internal and external audiences, and regularly represents the firm as an experienced security practitioner, security officer, and industry expert on technical information security matters and leadership in the space. Jacob has also acted as the CISO for the firm and has an extensive history in a client facing role as the technical lead for Schellman’s PCI services. Additionally, Jacob has experience with other Payment Card Industry assessment services, namely Software Security Framework, PA-DSS, P2PE, 3DS, and PIN. Jacob has extensive technical expertise on matters of information security, compliance, application security, and cryptography, and has been performing payment card security assessments since the card brands operated the predecessor standards to PCI DSS. Over the 20 years of his career, Jacob has spoken extensively on security-related matters, trained and mentored assessors, and contributed to groups on emerging standards, advisory bodies, and special interest groups.

More Content by Jacob Ansari
Previous Article
FedRAMP: Things Changed. At Schellman, Our Process was Ready
FedRAMP: Things Changed. At Schellman, Our Process was Ready

Every industry has been forced to scale processes and adapt business models to maintain their foothold in a...

Next Article
CCPA - Updated Draft Regulations
CCPA - Updated Draft Regulations

The CCPA went live on January 1, 2020. The California Attorney General (AG) has issued the second and third...


First Name
Error - something went wrong!