Software Security Framework Training Classes

Software Security Framework Training Classes
Registration Now Open for Online, Instructor-led SSF Training Classes
Software Security Framework Assessor Companies (SSF Assessor Companies) are independent security organizations that are qualified by PCI SSC to perform assessments to the Secure Software Standard, the Secure Software Lifecycle Standard or both.
SSF Assessor Company qualification is open to any company that meets the Software Security Framework Assessor
Qualification Requirements
. It provides an opportunity to become certified to perform assessments under the PCI SSC Software Security Framework (SSF), which includes a methodology for validating software security and a separate secure software lifecycle qualification for vendors with robust security development practices.
These online classes are available for
qualification or knowledge
training.
2026 Virtual Instructor-led Training (vILT):
5 - 6 May - Secure Software Lifecycle Assessor
09:00-13:00 ET (13:00-17:00 UTC)
12 - 13 May - Secure Software Assessor
09:00-13:00 ET (13:00-17:00 UTC)
8 - 9 December - Secure Software Lifecycle Assessor
08:30-12:30 ET (13:30-17:30 UTC)
15 - 16 December - Secure Software Assessor
08:30-12:30 ET (13:30-17:30 UTC)
Eligible organizations can apply now to become SSF Assessor Companies by visiting the
Secure SLC Assessor
or
Secure Software Assessor
pages on the PCI SSC website and following the steps outlined in the registration process.
> More info on Secure SLC Assessor
> More info on Secure Software Assessor
Upon completion of training and passing the corresponding exam, you’ll be able to
Conduct Secure Software Assessments
Conduct Secure SLC Assessments
Assess and validate Payment Software for compliance with the PCI Secure Software Standard
Validate and attest to an entity’s compliance with the Secure SLC Standard
Prepare appropriate compliance reports
Knowledge Training
Knowledge Training is open to anyone who wishes to obtain additional knowledge of our standards and programs. A learner receiving a Knowledge Training acknowledgment are not qualified to perform PCI SSC related assessment or services. They now have demonstrated they have the knowledge and language to speak internally and externally to their organization about a specific version of a standard and program.
To find out more about taking these classes for knowledge purposes, please see our
recent blog post
> More info on Knowledge Training
For More Information:
Visit the
Secure SLC Assessor
or
Secure Software Assessor
pages on the PCI SSC website, the
PCI Perspectives blog
or contact the program manager at: +1-781-876-6267 or
software@pcisecuritystandards.org
Stay up to date with PCI Security Standards Council! Follow us today.