PCI Security Standards Council®

Secure Software Assessor

The Secure Software Assessor course provides instruction on how to perform assessments of payment software in accordance with the Secure Software Requirements and Assessment Procedures (PCI Secure Software Standard). This training will provide you with an understanding of the requirements with corresponding assessment procedures and guidance for the development of secure payment software.

Upon completion of the course, you’ll be able to conduct Secure Software Assessments, assess and validate Payment Software for compliance with the PCI Secure Software Standard and prepare appropriate compliance reports (such as Secure Software Reports on Validation (ROV)).

Registration Process

In order to attend Secure Software Assessor training for certification, you must be a full-time employee of an active Software Security Company. Please see the Software Security Framework Qualification Requirements for Assessors for more details.

Secure Software Assessor: Registration Process

Step 1 - Review

Refer to the Software Security Framework Qualification Requirements for Assessors for complete program description and requirements and to confirm that you are suited for the program.

Then complete the Software Security Assessor Company registration form online (see step 2).

Step 2 - Apply

Complete the online application form through PCI SSC’s secure portal. Application requirements include:

  • Submit Software Security Assessor Company registration form.
  • Complete company application (Primary Contact will gain access to the online application only after the Software Security Assessor Company registration form has been approved by PCI SSC).
  • Enroll professionals in Secure Software Assessor training (Primary Contact will have the ability to enroll professionals in Secure Software Assessor training through the portal only after the Software Security Assessor Company application has been approved).
  • Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of Secure Software Assessor training request approval). For more information about the training fees, please see the Software Security Framework Pricing page.

Step 3 - Train

Upon receipt of payment the primary contact will receive the location details for the instructor-led class or CBT details if applicable.

Step 4 - Enrollment

Once the application has been approved by the PCI Security Standards Council, and its designated Secure Software Assessor employees have completed the Secure Software Assessor training and passed the exam, the Secure Software Assessor Company will receive confirmation of acceptance into the program, and the Secure Software Assessor employees will each receive a Certificate of Qualification. The Secure Software Assessor employees will be added to the Council's database of certified Secure Software Assessor personnel, and the company may now perform its own security assessments until the time comes to complete the annual Requalification training to maintain the certification.

Only those who have taken and passed the exam become Qualified Secure Software Assessors.

Course Details

  • Support your client’s ongoing security and compliance efforts through your knowledge of the Secure Software Standard
  • Gain recognition of your professional achievement with this industry credential
  • Expand your knowledge in securing payments with in-depth software security training
  • Listing in a searchable directory on the PCI website
  • Earn Continuing Professional Education (CPE) credits

The PCI Secure Software Standard provides a set of security requirements as well as assessment procedures for performing PCI Secure Software Assessments. The training program is comprised of an online fundamentals course and exam and a two-day instructor-led course and exam.

Existing PCI SSC qualified PA-QSAs are eligible for a modified training requirement to transition to Secure Software Assessors. In addition to meeting the SSF Qualification Requirements for Assessors, PA-QSAs may complete computer-based training (CBT) and the corresponding exam, instead of instructor-led training required for new assessors.

The Secure Software Assessor training covers the PCI Secure Software Requirements and Assessment Procedures (PCI Secure Software Standard). Candidates will learn how to:

  • Perform Secure Software Assessments
  • Verifying the work product addresses all Secure Software Assessment procedure steps and supports the validation status of the payment software
  • Strictly following the Secure Software Standard and PCI Secure Software Assessor Program Guide
  • Effectively use the PCI Secure Software ROV Reporting Template to produce Secure Software Reports on Validation (Secure Software ROVs)
  • Learn how to complete the Secure Software ROV and Secure Software AOV (Attestation of Validation) documentation required for submission of completed assessments
How to Prepare

Prior to taking the Secure Software training and exam, candidates must complete the prerequisite course and exam on PCI Fundamentals and should familiarize themselves with information regarding the Secure Software Standard, the Secure Software program and supporting documents. These materials may be found in the Document Library.

Class Schedule

SSA 2022 Classes

Remote classes are a combination of eLearning and a live webinar.

Webinar dates are listed below.

Date of Live Webinar
Date of Live Webinar:3 Nov
Time: 09:00-17:30 (EDT)
Price: $2,750 USD
Please note: All fees are NON-REFUNDABLE and NON-TRANSFERABLE. The training and exam will be delivered in English.

Price does not include any applicable VAT/HST/GST which will appear on your invoice.

Informational Training

For more information and to register for Informational training, please click here.


Fee Category
Fee Category Software Security Assessor Company Fee
Fee: $10,000 USD
Fee Category Secure Software Standard Training New - Transitioned
Fee: $1,800 USD
Fee Category Secure Software Standard Training New
Fee: $2,750 USD
Fee Category Secure Software Standard Training Requalification
Fee: $1,650 USD
Please note: Unless otherwise specified, all fees are in US Dollars. All course fees are NON-TRANSFERABLE and NON-REFUNDABLE.

Requalification Requirements

In order to maintain the high standards set for this certification, all Secure Software assessors must pass a requalification exam every 12 months, sign and accept the terms of the PCI SSC Code of Responsibility in order to continue as an active Secure Software Assessor for their company.

The requalification course is offered in a convenient eLearning format. All training enrollment requests must be submitted through the company's primary contact via the PCI Portal.

Registration into requalification training must be submitted and approved by the certification expiry date. A Secure Software Assessor who is not registered for requalification training before midnight Eastern Time on their certification expiry date, or who does not achieve a passing score on the exam by the end of the two week grace period, will be required to re-enroll as a new candidate.

Requalification Process

The Council emails courtesy reminders 90 days in advance of your qualification expiry date. To complete the requalification process, a requalification registration must be submitted prior to the expiry date and a passing score must be achieved on the exam no later than 14 days after the expiry date.

  • Select a requalification option in the PCI Portal and submit your registration
  • An invoice will be emailed within 2-3 business days
  • You will receive an email containing instructions and credentials to complete the requalification exam within 2 business days of payment processing
  • Once you successfully pass the exam, a new certificate will be emailed, and you’ll be listed on the PCI website as a Secure Software Assessor for another year

Right for you?

If you possess substantial information security knowledge and experience to conduct technically complex security assessments along with the requisite years of experience in the following software development and security disciplines, consider the Secure Software Assessor qualification.
  • Requirements Definition and Management
  • Software/Systems Design
  • Data Modelling and Design
  • Programming/Software Development
  • Software/Systems Testing
  • Software security risk assessment
  • Software security controls selection
  • Secure software architecture
  • Threat & vulnerability detection and management
  • Software penetration testing
  • Incident detection and response
Request More Information

Download Case Studies

View Bit9 Case Study
View Excentus Case Study

Our website uses both essential and non-essential cookies (further described in our Privacy Policy) to analyze use of our products and services. By clicking “ACCEPT” below, you are agreeing to our use of non-essential cookies to provide third parties with information about your usage and activities. If you click “DECLINE” below, we will continue to use essential cookies for the operation of the website.

Powered by Translations.com GlobalLink OneLink SoftwarePowered By OneLink