The PCI Software Security Framework (PCI SSF) has been put forth by the PCI Security Standards Council as a set of defined software security standards, together with the associated validation programs, for the design and development of modern payment software systems.
Under this framework, two standards have been published for use by payment software vendors: the PCI Secure Software Standard (PCI SSS) v1.0 and the PCI Secure SLC Standard (Secure SLC) v1.0. Apart from that, a validation framework has also been put in place for software vendors, along with a qualification program for assessors.
- PCI Secure Software Standard (PCI SSS) v1.0 defines the security requirements and procedures essential for the protection of integrity and confidentiality of payment data.
- PCI Software Life Cycle (PCI SLC) v1.0 outlines the requirements and procedures by which vendors validate how they manage the security of payment software throughout the entire software life cycle.
Eventually PA-DSS and its components will be adapted into PCI SSF after its expiration in 2022.
As your PCI Software Security Framework (PCI SSF) compliance partner, QRC will assist and assess you at each step of your compliance activity, right from scope definition until attaining compliant status.
- PCI SSS: Determine the scope as per the security characteristics, controls, features, and functionalities that the vendor-designed payment software must possess and maintain throughout its lifecycle.
- PCI SLC: Determine the scope as per the processes, technology, and personnel involved in the design, development, deployment, and maintenance of the vendor's payment software products and services.
- Analysing the business, we determine the relevant system components to be considered 'In-Scope' for our assessment.
- Qualified professionals will identify the gaps in the controls and provide the necessary support for recommendations and remediation.
- Check for compliance with the PCI Software Security Framework standards and their components, and with the organization's policy and procedure requirements.
- Provide regular status reports to all concerned persons for better visibility of the project.
- Account for client requirements and customize everything accordingly.
- Regular brainstorming sessions with all interested parties for better conclusions and documentation.
- By adhering to the PCI Software Security Framework compliance requirements, QRC will help you eliminate the risk of unnecessary penalties and data breach complications.
- Decrease the probable attack surface of your software environment and ensure that appropriate security and protection mechanisms are in place.
- Ensure that critical assets are protected and secure authentication and access controls are implemented.
- Ensure you meet your legal obligations and comply with any other applicable regulations.
- Provide customers and stakeholders with confidence in how you securely manage the risk of the software product, process and environment.
- Ensure business continuity by implementing an internationally recognized, structured methodology for risk management within your organization.
- Provide protection against emerging security threats and incorporate any changes in the applicable regulatory standards.