PCI Software Security Framework (SSF) Assessments

It’s hard to get on the Validated Payment Software List. We’ll make sure you get there.

Assurance

Compliance

On-Time Delivery

PCI-SSF Assessment

If you develop payment software, your clients want to know that the software meets SSF requirements for the Payment Card Industry.

Don’t waste time on an assessment that leaves you still feeling uncertain.

What if Visa and Mastercard don’t accept your report?

What if you’re non-compliant because your audit doesn’t catch everything?

What if your audit partner isn’t experienced enough to guide you through the complexities of getting on the compliance list?

 

Get the report that gets you on the list.

We believe if you are going to do a PCI-SSF assessment, it should be worth it.

Quality Testing

Assurance doesn’t come from a checklist. It requires a diligent examination of your unique environment from trusted cybersecurity experts to know your controls are effective. Be sure your audit gives you the results you deserve.

Interactive Platform

Compliance can’t be put on autopilot. With the Online Audit Manager, onsite visits, and direct communication with a dedicated team of security professionals, your KP assessment experience will make sure your assessment is worth it.

Experienced Auditors

Confidence comes from experience. Our auditors have been in the industry, in your exact positions, and are passionate about making sure your audit is successful and maybe even fun. And they have a lot of certifications.

Hit Your Deadlines

On-time delivery is a given. Everyone has different deadlines, but our process will make sure you meet yours. When you partner with KirkpatrickPrice, you’ll never sacrifice quality because of a deadline. We’ll support you as you try to get on the list.

PCI FAQs

  • How much does an SSF assessment cost?

    Pricing for an SSF assessment depends on scoping factors, including software components, infrastructure, third parties, and penetration testing requirements. Pricing will also vary based on the optional inclusion of a gap analysis.

  • How long does an SSF assessment take to complete?

    The average SSF assessment can take anywhere from weeks to months, depending on your level of preparedness and staff’s availability for interviews and control demonstration. To satisfy the Secure Software requirements for an engagement, the assessor must validate scope, perform testing procedures, and document conclusions. These steps require time from the service organization’s management, which can be compressed or extended to meet your timeline needs. You can save time by leveraging the Online Audit Manager to maintain the evidence you need for compliance.

  • What do I receive when my SSF assessment is complete?

    SSF assessments culminate in a final report to communicate confidence and assurance that payment software is protected against the most damaging forms of threats. The components and formatting of SSF reports delivered by KirkpatrickPrice are based on guidelines provided by the PCI SSC and written by our in-house Professional Writing team.

  • How long is an SSF Report on Validation valid?

    SSF RoVs have a three-year validation period. However, your organization must complete an annual attestation for administrative changes, low impact changes, or even no changes to the software. Significant changes in scope would result in a new RoV.

  • How often does an SSF assessment need to be performed?

    SSF RoVs have a three-year validation period. However, your organization must complete an annual attestation for administrative changes, low impact changes, or even no changes to the software. Significant changes in scope would result in a new RoV.

  • Who is involved in an SSF assessment?

    In every SSF engagement, the assessor is required by the PCI SSC to maintain communication with management and those charged with governance. Other team members involved in the assessment typically come from engineering, program management, product management, security, DevOps, compliance, etc. (anyone with the appropriate responsibilities for and knowledge of the matters concerned in the assessment).

  • Where can I find more information about SSF assessments?

    Visit the PCI Security Standards Council website to learn more about the PCI Software Security Framework: PCI Security Standards Council Document Library

Get started today.

At KirkpatrickPrice, you’ll have a partner guide you from audit readiness to final report so you get the assurance you deserve.

Get Ready for your Audit

Whether you’ve never been through an audit or completed hundreds, our experts will prepare and empower you to successfully start and complete your audit. With access to our free learning platform, you can run scans, see what you’re missing, prepare documentation, and get access to experts and resources. Then when you’re ready, you can use the same platform to complete your audit. You don’t need extra tools to do an audit.

Partner with an Expert

Our security experts have been in your shoes and know how overwhelming audits can be. Your dedicated specialist will walk you through the entire process from audit readiness to final report.

Get on the List

PCI is complicated, but we make sure it’s worth it. By the end of the process, you will be proud of the work you did and know that it will make a difference in gaining new clients, staying compliant, and protecting your people. Your Attestation of Compliance will prepare you to get on the list.

Get Started with Audit Readiness

Beginner's Guide to PCI Compliance

Starting a PCI audit is overwhelming.

Our Beginner’s Guide to PCI Compliance will prepare you to complete your audit successfully.

You know you need a PCI audit, but don’t know what to expect or how to get started. This guide will prepare you for what your auditors are looking for and how to confidently begin your PCI compliance journey.

Make Sure You’re Ready

Make sure you’re ready to face today’s threats confidently. Sign up to receive expert tips and guidance from our monthly newsletter, The Readiness Report, right in your inbox!

Ready to Start Your Audit?

Wherever you are in your security journey, we’ll meet you there.

We’ve completed audits and security assessments for over 2,000 clients worldwide.

With locations in Atlanta, Bethesda, Chicago, Dallas, Los Angeles, Nashville, New York City, San Francisco, Seattle, and Tampa, KirkpatrickPrice experts are ready to help you achieve your goals.

800-770-2701

Corporate Office
4235 Hillsboro Pike
Suite 300
Nashville, TN 37215