Secure Software Lifecycle (Secure SLC)

Secure Software Lifecycle (Secure SLC)

ssf-slc-1

Secure Software Lifecycle (Secure SLC)

The Secure Software Lifecycle (SLC) Standard offers security requirements for software vendors and developers to ensure security is integrated throughout the entire software lifecycle and that software is secure by design and able to withstand attack.

Implementing secure software lifecycle concepts helps software vendors and developers maintain secure software products throughout the software lifecycle (design, development, deployment, and maintenance).

Important Information

Photo.png

Intended Audience

Software vendors that develop software that is commonly deployed in a payment environment.

Photo-1.png

Secure Software Lifecycle (SLC) Standard Documents

Find all of the related documents in the PCI SSC Document Library.

Visit the Document Library
Photo-2.png

Listings & Professionals

PCI SSC encourages merchants and service providers to use the PCI SSC listing in selecting a PCI-listed secure SLC qualified software vendor that meets their needs.

Secure SLC-Qualified Software Vendors

PCI Secure SLC Assessors are qualified and trained by PCI SSC to perform independent assessments against the PCI Secure SLC Standard and in accordance with the Secure SLC Program Guide.

Software Security Framework Assessors

Resources

Frequently Asked Questions

View

Global Content Library

View

PCI SSC Glossary

View

PCI SSC Newsroom

View

Hear more on Coffee with the Council

View

Secure Software Framework Blog Posts

View

Find Important Documents

Document Library

In the Media

View

Press Release

View

PCI SSC Threat Center

View

Training Information

PCIP

PCIP

The Payment Card Industry Professional is an individual, entry-level certification in payment security information and provides you with the understanding to help your organization build a secure payment environment. Becoming a PCIP demonstrates a level of understanding that can provide a strong foundation for a career in the payments security industry.

More information
Secure SLC

Secure SLC

Perform assessments of entities in accordance with the Secure Software Lifecycle Requirements and Assessment Procedures.

More information
Knowledge Training

Knowledge Training

Knowledge Training courses are designed to bridge the knowledge gap between organizations and assessors by providing learning opportunities for individuals to take the same training and exam as the Assessor. Upon successful completion of training, learners will be given an acknowledgement of completion as well as the option to complete the exam and receive a digital badge.

More information
Corporate Group Training

Corporate Group Training

Get your team trained together! We are pleased to offer all our PCI training programs as either in-person or remote Instructor-led eLearning. Learn directly from an instructor with hands-on experience in the field of payments security. Your organization will receive all the benefits of an instructor-led training class, at a time and place most convenient for you and your staff.

More information

Compliance programs for all PCI SSC standards are managed by the payment brands. Questions about which entities need to validate compliance to any PCI SSC standard, or whether use of a PCI-listed product is required and for which entities, should be referred to the payment brands. Contact information for the payment brands is in FAQ #1142.