Schellman listed as one of the first PCI Software Security Framework Assessors

Jacob Ansari

Recently, Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor. As the newest application security framework published by the PCI SSC, the SSF provides an objectives-based approach to assessing the design, development, testing, and maintenance of software that handles payment card data.

The framework itself contains two standards:

The Secure Software Lifecycle Standard – An interview and document-based assessment that focuses on software development and security practices.
The Secure Software Standard – Application security testing by the assessor that requires code reviews, forensic analysis, and the use of static and dynamic code analysis tools.

PCI practice director Jacob Ansari says,

“After working with the PCI SSC for several years to help develop this framework, we’re happy to see the framework fully realized and look forward to working with our clients to comply with these standards.”

For information about the PCI SSF, please contact pci@schellman.com.

About the Author

Jacob Ansari is the Chief Information Security Officer at Schellman & Company, where he develops and manages the company-wide information security program. Jacob oversees the processes for risk and security assessment, vulnerability management, software security, awareness and education, and incident response. Jacob has also performed in a client facing role as the technical lead for Schellman’s PCI services, and represents Schellman to the payments industry. Additionally, Jacob has experience with other Payment Card Industry assessment services, namely Software Security Framework, PA-DSS, P2PE, 3DS, and PIN. Jacob has extensive technical expertise on matters of information security, compliance, application security, and cryptography, and has been performing payment card security assessments since the card brands operated the predecessor standards to PCI DSS. Over the 20 years of his career, Jacob has spoken extensively on PCI-related matters, trained and mentored assessors, and contributed to groups on emerging standards, advisory bodies, and special interest groups.
More Content by Jacob Ansari

Return to Home

Stay up to date and discover new insights into compliance through our team’s thought leadership

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Schellman listed as one of the first PCI Software Security Framework Assessors

About the Author

Previous Article

Next Article

Most Recent Articles

January is National Blood Donor Month - find out how you can help ease the critical blood shortage and give to someone in need.

Wondering whether to go through with getting ISO 27001 certified? There might be ample planning and preparation involved, but here are 5 ways an ISO 27001 certification can benefit your organization.

SOC 2 and ISO 27001 are both well-respected and popular compliance initiatives, but which is right for you? Learn about their similarities and their differences to help you decide.

Should you get a SOC 2 examination or a SOC 3? Can you just get a SOC 3? Let us explain the differences between these options to help you choose which is best for you, because it might even be both.

Creating your own key encryption hierarchies can provide a great advantage in your payment security assessments. Let us explain how they work and how you can build yours.

As we prepare for the launch of CMMC, we explain how to use more familiar compliance territory to understand and shape your eventual CMMC scope.

Preparing for an audit can be a lot of work. Learn about exactly what you can do to put yourself in the best position for your on-site visit ahead of your payment card assessment.

Already have a completed SOC report in hand? Here are 3 easy ways you can streamline your next examination to ensure you have an even better audit experience.

Needing a PIN assessment but don't know how to fit it into your schedule? We break down the 4 phases of the process to help you understand what to expect in terms of time commitment.

Wondering how much time it takes to get a SOC report? If there's time to get one before your deadlines? Learn about the typical timelines for the different SOC reports & what to expect throughout.

Schellman defines success through creating a satisfying work experience for its people. Read about our benefits package and exactly what sets us apart from other IT audit and compliance firms.

Different generations are vulnerable to cybersecurity attacks in different ways. Learn how to establish a security program that works for everyone so that your organization is more well protected.

Are you trying to obtain FedRAMP Authority to Operate? Understand both approaches to the program and each of their pros and cons to learn which one would suit your organization best.

Testing a mobile application and frustrated watching some traffic slip away from your settings? Learn about a technique that can help stop that from happening so you can capture everything every time.

Considering a PIN assessment but not sure if you're ready? Learn about the three phases of preparation so that you can pave your path to success.

Considering a SOC report but not sure which to choose? In this article, we define both SOC 1 and SOC 2 in terms of what they evaluate to help you understand which report is best for your organization.

On the fence about investing in a SOC 2 report? Learn about the benefits to your organization beyond just satisfying your customer requirements.

Does your organization handle PIN data? Learn about an assessment that could benefit your security measures surrounding this sensitive information.

Trying to decide between a Type 1 or a Type 2 SOC report? Learn the differences and benefits to understand what suits your organization best.

Working with Burp and finding that you need a workaround? Learn how to build your own extension and potentially solve your problem.