Secure Software Lifecycle Assessor
The Secure Software Lifecycle (Secure SLC) Assessor course provides instruction on how to perform assessments of entities in accordance with the Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures (PCI Secure SLC Standard). This training will provide you with an understanding of the requirements with corresponding assessment procedures and guidance for payment software vendors to design, develop, and maintain secure payment software throughout the software lifecycle.
Upon completion of the course, you’ll be able to conduct Secure SLC Assessments, validate and attest to an entity’s compliance with the Secure SLC Standard and prepare appropriate compliance reports (such as Secure SLC Reports on Compliance (ROC)).
The PCI Secure SLC Standard provides a set of security requirements as well as assessment procedures for performing PCI Secure SLC Assessments. The training program is comprised of an online fundamentals course and exam and a two-day instructor-led course and exam.
Existing PCI SSC qualified QSAs and PA-QSAs are eligible for a modified training requirement to transition to become Secure SLC Assessors. In addition to meeting the SSF Qualification Requirements for Assessors, QSAs and PA-QSAs may complete computer-based training (CBT) and the corresponding exam, instead of instructor-led training required for new assessors.
The Secure SLC Assessor training covers the PCI Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures (PCI Secure SLC Standard). Candidates will learn how to:
- Perform Secure SLC Assessments.
- Verify the work product addresses all Secure SLC Assessment procedure steps and supports the validation status of the Vendor.
- Strictly follow the PCI Secure SLC Standard and Secure SLC Program Guide.
- Effectively use the PCI Secure SLC ROC Reporting Template to produce Secure SLC Reports on Compliance (Secure SLC ROCs).
- Validate and attest to an entity’s compliance with the Secure SLC Standard.
- Learn how to complete the Secure SLC ROC and Secure SLC AOC (Attestation of Compliance) documentation required for submission of completed assessments.
- Support your client’s ongoing security and compliance efforts through your knowledge of the Secure SLC Standard.
- Gain recognition of your professional achievement with this industry credential.
- Expand your knowledge in securing payments with in-depth secure software life cycle training.
- Listing in a searchable directory on the PCI website.
- Earn Continuing Professional Education (CPE) credits.
This instructor-led course is available in-person or via eLearning. This class is also available as knowledge training.
Right for You?
If you possess substantial information security knowledge and experience to conduct technically complex security assessments along with the requisite years of experience in these areas, consider the Secure SLC Assessor qualification:
- Software/Systems Design
- Programming/Software Development
- Software/Systems Testing
- Security risk assessment
- System/software security controls selection
- Security architecture
- Systems/software penetration testing
- Threat & vulnerability detection and management
- Incident detection and response
- Cryptography and Key Management
Please contact your organization’s Secure Software Primary Contact to enroll in the Secure Software SLC program.
Become a Secure Software Lifecycle Assessor when you take this class and become qualified.
New Secure SLC Training - Transitioned
New Secure SLC Training (In person or eLearning)
Requalification Secure SLC Training
Knowledge Training Non-PO *
Knowledge Training PO *
Please note: Unless otherwise specified, all fees are in US Dollars.
* Knowledge training does not lead to assessor status.
This course is also offered as knowledge training for individuals who would like to increase their knowledge and do not necessarily need to achieve or are not eligible for qualification as an assessor.
How to Prepare for the Exam
Prior to taking the Secure SLC training and exam, candidates must complete the prerequisite course and exam on PCI Fundamentals and should familiarize themselves with information regarding the Secure SLC Standard, the Secure SLC program and supporting documents. These materials may be found in the Document Library.
The PCI Fundamentals online course must be completed prior to the start of your training class.
In order to attend Secure SLC Assessor training for certification, you must be a full-time employee of an active Software Security Company. Please see the Software Security Framework Qualification Requirements for Assessors for more details.
Step 1 – Review
Refer to the Software Security Framework Qualification Requirements for Assessors for complete program description and requirements and to confirm that you are suited for the program.
Then complete the Software Security Assessor Company registration form online (see step 2).
Step 2 – Apply
Complete the online application form through PCI SSC’s secure portal. Application requirements include:
- Submit Software Security Assessor Company registration form.
- Complete company application (Primary Contact will gain access to the online application only after the Software Security Assessor Company registration form has been approved by PCI SSC).
- Enroll professionals in Secure SLC Assessor training (Primary Contact will have the ability to enroll professionals in Secure SLC Assessor training through the portal only after the Software Security Assessor Company application has been approved).
- Submit payment (training invoice will be emailed to Primary Contact within 2-3 business days of Secure SLC Assessor training request approval). For more information about the training fees, please see the Software Security Framework Pricing page.
Step 3 – Train
Upon receipt of payment, the Primary Contact will receive the location details for the instructor-led class or CBT details if applicable.
Step 4 – Enrollment
Once the application has been approved by the PCI Security Standards Council, and its designated Secure SLC Assessor employees have completed and passed the Secure SLC Assessor training, the Secure SLC Assessor Company will receive confirmation of acceptance into the program, and the Secure SLC Assessor employees will each receive a Certificate of Qualification. The Secure SLC Assessor employees will be added to the Council’s database of certified Secure SLC Assessor personnel, and the company may now perform Secure SLC Assessments until the time comes to complete the annual Requalification training to maintain the certification.
Only those who have taken and passed the exam become Secure SLC Assessors.
In order to maintain the high standards set for this certification, all Secure SLC Assessors must pass a requalification exam every 12 months and sign and accept the terms of the PCI SSC Code of Responsibility in order to continue as an active Secure SLC Assessor for their company.
The requalification course is offered in a convenient eLearning format. All training enrollment requests must be submitted through the company’s primary contact via the PCI Portal.
Registration into requalification training must be submitted and approved by the certification expiry date. A Secure SLC Assessor who is not registered for requalification training before midnight Eastern Time on their certification expiry date, or who does not achieve a passing score on the exam by the end of the two-week grace period, will be required to re-enroll as a new candidate.
The Council emails courtesy reminders 90 days in advance of your qualification expiry date. To complete the requalification process, a requalification registration must be submitted prior to the expiry date and a passing score must be achieved on the exam no later than 14 days after the expiry date.
- Select a requalification option in the PCI Portal and submit your registration
- An invoice will be emailed within 2-3 business days
- You will receive an email containing instructions and credentials to complete the requalification exam within 2 business days of payment processing
- Once you successfully pass the exam, a new certificate will be emailed, and you’ll be listed on the PCI website as a Secure SLC Assessor for another year