Schellman listed as one of the first PCI Software Security Framework Assessors

Recently, Schellman & Company has become one of the first firms in the industry to offer PCI Software Security Framework (SSF) assessments as a Secure Software and a Secure SLC Assessor. As the newest application security framework published by the PCI SSC, the SSF provides an objectives-based approach to assessing the design, development, testing, and maintenance of software that handles payment card data.

The framework itself contains two standards:

  • The Secure Software Lifecycle Standard – An interview and document-based assessment that focuses on software development and security practices.
  • The Secure Software Standard – Application security testing by the assessor that requires code reviews, forensic analysis, and the use of static and dynamic code analysis tools.

PCI practice director Jacob Ansari says,

“After working with the PCI SSC for several years to help develop this framework, we’re happy to see the framework fully realized and look forward to working with our clients to comply with these standards.”

For information about the PCI SSF, please contact pci@schellman.com.

About the Author

Jacob Ansari

Jacob Ansari is a Senior Manager at Schellman & Company. Jacob performs and manages PCI DSS assessments. Additionally, Jacob oversees other Payment Card Industry assessment services, namely PA-DSS, P2PE, and 3DS. Jacob's career spans nearly 20 years of information security consulting and assessment services, including network and application security assessments, penetration testing, forensic examinations, security code review, and assessment of cryptographic systems. Jacob has performed payment card security compliance assessments since the payment card brands operated their own standards prior to the advent of PCI DSS.
