PCI Requirement 12.8 & 12.8.1 ā Maintain and Implement Policies and Procedures to Manage Service Providers with whom Cardholder Data is Shared
ļ»æ Service Providers with Access to Cardholder Data No organization can do everything themselves. Back-up tape storage facilities, web-hosting companies, security service providers ā most organizations have some type of relationship with a third-party or vendor. Thatās why PCI Requirement 12.8 focuses on vendor management and asks organizations to maintain and implement policies and procedures to manage service providers with whom cardholder data is shared, or that could affect the…