Schellman listed as one of the first PCI Software Security Framework Assessors

Jacob Ansari

Recently, Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor. As the newest application security framework published by the PCI SSC, the SSF provides an objectives-based approach to assessing the design, development, testing, and maintenance of software that handles payment card data.

The framework itself contains two standards:

The Secure Software Lifecycle Standard – An interview and document-based assessment that focuses on software development and security practices.
The Secure Software Standard – Application security testing by the assessor that requires code reviews, forensic analysis, and the use of static and dynamic code analysis tools.

PCI practice director Jacob Ansari says,

“After working with the PCI SSC for several years to help develop this framework, we’re happy to see the framework fully realized and look forward to working with our clients to comply with these standards.”

For information about the PCI SSF, please contact pci@schellman.com.

About the Author

Jacob Ansari is the Chief Information Security Officer at Schellman & Company, where he develops and manages the company-wide information security program. Jacob oversees the processes for risk and security assessment, vulnerability management, software security, awareness and education, and incident response. Jacob has also performed in a client facing role as the technical lead for Schellman’s PCI services, and represents Schellman to the payments industry. Additionally, Jacob has experience with other Payment Card Industry assessment services, namely Software Security Framework, PA-DSS, P2PE, 3DS, and PIN. Jacob has extensive technical expertise on matters of information security, compliance, application security, and cryptography, and has been performing payment card security assessments since the card brands operated the predecessor standards to PCI DSS. Over the 20 years of his career, Jacob has spoken extensively on PCI-related matters, trained and mentored assessors, and contributed to groups on emerging standards, advisory bodies, and special interest groups.
More Content by Jacob Ansari

Return to Home

Stay up to date and discover new insights into compliance through our team’s thought leadership

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Most Recent Articles

Lightyear Capital Partners with Schellman & Company to Support Next Phase of Growth

For CSPs looking to better understand FedRAMP security requirements for containers, Schellman Manager Matt Hungate provides an overview

Schellman's Will Carlson offers guidance on how you can make the most impact with your charitable donations

Schellman's Michael Redman offers ransomware prevention and recovery measures for organizations

Schellman's Chris Smith selected to attend the AICPA 2021 Leadership Academy

EU Cloud CoC General Assembly welcomes Schellman as the newest supporting member of the EU Cloud Code of Conduct

Schellman's Eric Aulbach offers tips to help auditors streamline their Busy Season

Schellman certified as one of Great Place to Work’s GPTW Fortune Best Small and Medium Workplaces 2021 ranking 80th

Schellman & Company places #65 among IPA Top 400 Firms 2021 rising ten places from its 2020 ranking

Schellman & Company places #75 among GPTW Fortune Best Workplaces for Millennials in 2021

Schellman's Bryan Harper provides an overview of Zero Trust principles and implementation practices

What sets ISO 27001 apart from other compliance standards and why should organizations seek certification? Schellman's Ben Kwan explains

Schellman's Jeannette Buttler shares five qualities to keep in mind when evaluating what makes an assessor truly "good"

Schellman's Danny Manimbo offers hope and encouragement to others by sharing his family's infertility journey

Schellman Principal, Matt Wilgus addresses one of the biggest challenges frequently seen in planning penetration tests—timing

Schellman's Debbie Zaller provides an overview of the HHS issued HITECH Act amendment

As the number of remote workers and IoT devices grows attack surface expands. Is AI the best option for defending data? Schellman CISO Jacob Ansari offers insights.

Schellman's Nisha Sunadham shares her family's immigration story, in honor of AAPI Heritage Month

Schellman's David Baca shares challenges he's had to overcome as a Veteran during his transition from military service into civilian life

How online merchants can utilize Reference Architecture to help alleviate PCI DSS compliance confusion Earlier this month, Oracle Cloud Infrastructure (OCI) published a Reference Architectur