PA-DSS Certification
PA-DSS is a universal data security standard to be followed by payment software vendors. Because it is a complex multi-phase process, PA-DSS certification can present a challenge for payment application developers. To get through the PA-DSS certification process successfully, one needs to understand the key phases of the PA-DSS audit procedure.
These phases include gap analysis, payment application installation in a PA-DSS compliant laboratory, payment application testing, analysis of documentation and diagrams, a remediation period, and final certification.
By the time of the final certification, the payment application development company should have prepared a series of necessary documents. These documents include a product implementation guide, a software development life-cycle (SDLC) description, the list of PA-DSS requirements for the software development life-cycle, SDLC requirements, a description of training procedures, descriptions of support and troubleshooting policies, and (if the product is installed by resellers rather than by the software development company itself) an installation guide for resellers.
It should be stressed that, in contrast to PCI compliance rules (which are to be followed by whole organizations and networks), PA-DSS requirements are targeted specifically at payment software vendors and application developers, so the two concepts should not be confused.
More information on PA-DSS certification is available on #Paylosophy.