System Innovators is proud to announce the release of iNovah 2.70, offering the tightest security yet for managing your payment processes. iNovah surpasses the latest testing process to qualify for the new PCI-SSF validation under the Secure Software Standard (SSS Program).
What is PCI-SSF?
PCI-SSF, or PCI Software Security Framework, sets forth standards and requirements to ensure the secure development and maintenance of payment software applications, like iNovah. The validation doesn’t just cover the operation of the software, it also looks at the engineering and development stages. Furthermore, it reaches into documentation and maintenance of that software. Everything from authentication methods to logs and update patches, the SSF standard emphasizes security all through the software lifecycle.
How is this different from PCI PA-DSS?
PA-DSS focuses on the entire environment where cardholder and payment information flow. This includes the pin-terminals on a counter to the networks the data travels through and the servers for data storage. Yes, software falls under this standard, but the scope of DSS is rather broad. Explicitly, SSF validation focuses just on the software, setting strict standards for secure development, use, and maintenance of payment software.
PCI-SSF is specifically for organizations that develop payment software for use by other organizations in modular environments. The SSF standard presents objective-based requirements designed for scalability, whereas PCI-DSS is prescriptive with limited scalability. By adopting a PCI-SSF validated software solution, like iNovah 2.70, organizations can scale with the flexibility necessary in today’s fast-paced world.
The core requirements of SSF sets very high standards for…
- Minimizing security threats
- Protecting assets through security controls
- Securing software operations
- Managing security of the software lifecycle
- Protection of account data
I need to upgrade to iNovah 2.70 now?
By complying with the new SSF standards, iNovah 2.70 compliments the tighter security of the latest server and database environments. If you are planning your server upgrades for PCI-DSS qualification, including iNovah 2.70 in those plans would be your best choice to lower your scope. Consideration for cloud services is also an option now, as PCI PA-DSS and PCI-SSF work together to ensure the protection of cardholder data throughout the entire payment process.
What is my best option?
Moving into the cloud has never been safer. With our iNovah SecureCloud option, your PCI related responsibilities are even lower. We offer fully hosted solutions where you take full advantage of our PCI-awareness with DSS certified hosting and SSF validated software along with the knowledge and support of our teams. We take care of the systems, the data is yours, and your constituents’ information is protected.
Have questions? Send them to us and a member of our team will help you better understand PCI-SSF validation and how iNovah 2.70 will benefit your organization.