Registration Now Open for Online, Instructor-led SSF Training Classes

Software Security Framework Assessor Companies (SSF Assessor Companies) are independent security organizations that are qualified by PCI SSC to perform assessments to the Secure Software Standard, the Secure Software Lifecycle Standard or both. 

SSF Assessor Company qualification is open to any company that meets the Software Security Framework Assessor Qualification Requirements. It provides an opportunity to become certified to perform assessments under the PCI SSC Software Security Framework (SSF), which includes a methodology for validating software security and a separate secure software lifecycle qualification for vendors with robust security development practices.  

These online classes are available for qualification or knowledge training.

2024 Virtual Instructor-led Training (vILT):

  • 16 April - Secure Software Lifecycle Assessor: 09:00-17:30 ET (13:00-21:30 UTC) 
  • 18 April - Secure Software Assessor : 09:00-17:30 ET (13:00-21:30 UTC)
  • 20 August - Secure Software Lifecycle Assessor: 09:00-17:30 ET (13:00-21:30 UTC) 
  • 22 August - Secure Software Assessor : 09:00-17:30 ET (13:00-21:30 UTC)
Request More Information

Eligible organizations can apply now to become SSF Assessor Companies by visiting the Secure SLC Assessor or Secure Software Assessor pages on the PCI SSC website and following the steps outlined in the registration process.

> More info on Secure SLC Assessor
> More info on Secure Software Assessor

Upon completion of training and passing the corresponding exam, you’ll be able to

  • Conduct Secure Software Assessments
  • Conduct Secure SLC Assessments
  • Assess and validate Payment Software for compliance with the PCI Secure Software Standard
  • Validate and attest to an entity’s compliance with the Secure SLC Standard
  • Prepare appropriate compliance reports

Knowledge Training

Knowledge Training is open to anyone who wishes to obtain additional knowledge of our standards and programs. A learner receiving a Knowledge Training acknowledgment are not qualified to perform PCI SSC related assessment or services. They now have demonstrated they have the knowledge and language to speak internally and externally to their organization about a specific version of a standard and program.

To find out more about taking these classes for knowledge purposes, please see our recent blog post.

> More info on Knowledge Training


For More Information:

Visit the Secure SLC Assessor or Secure Software Assessor pages on the PCI SSC website, the PCI Perspectives blog or contact the program manager at: +1-781-876-6267 or


Stay up to date with PCI Security Standards Council! Follow us today.
linkedin-rounded.png twitter-rounded.png blog-rounded.png YouTube Icon for Footer