If you are a service provider, you must comply with PCI Requirement 12.9, which states, “Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.”
About Randy Bartels
This author has yet to write their bio.Meanwhile lets just say that we are proud Randy Bartels contributed a whooping 218 entries.
Entries by Randy Bartels
PCI Requirement 12.8.4 requires that your organization maintain a program to monitor service providers’ PCI DSS compliance status at least annually.
PCI Requirement 12.8.3 asks organizations to ensure there is an established process for engaging service providers including proper due diligence prior to engagement.
PCI Requirement 12.8.2 focuses on relationships with service providers and asks organizations to maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess or otherwise store, process or transmit on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.
No organization can do everything themselves. Back-up tape storage facilities, web-hosting companies, security service providers – most organizations have some type of relationship with a third-party or vendor.
11755 Wilshire Blvd.
Los Angeles, CA 90025
Dallas, TX 75219
Atlanta, GA 30303
Bethesda, MD 20817
Seattle, WA 98136
Chicago, IL 60606