PCI Requirement 12.8.4 and 12.8.5 – Maintain a Program to Monitor Service Providers’ PCI DSS Compliance Status
by Randy Bartels / July 3rd, 2018
Service Provider Compliance: PCI Requirement 12.8.4 requires that your organization maintain a program to monitor service providers’ PCI DSS compliance status at least…
PCI Requirement 12.8.3 – Ensure there is an Established Process for Engaging Service Providers
by Randy Bartels / July 3rd, 2018
Due Diligence with Vendor Relationships: PCI Requirement 12.8.3 asks organizations to ensure there is an established process for engaging service providers including proper…
PCI Requirement 12.8.2 – Maintain a Written Agreement that Includes an Acknowledgement that the Service Providers are Responsible for the Security of Cardholder Data
by Randy Bartels / July 3rd, 2018
Understanding Compliance Responsibilities: PCI Requirement 12.8.2 focuses on relationships with service providers and asks organizations to maintain a written agreement that includes an…
PCI Requirement 12.8 & 12.8.1 – Maintain and Implement Policies and Procedures to Manage Service Providers with whom Cardholder Data is Shared
by Randy Bartels / July 3rd, 2018
Service Providers with Access to Cardholder Data: No organization can do everything themselves. Back-up tape storage facilities, web-hosting companies, security service providers –…
PCI Requirement 12.7 – Screen Potential Personnel Prior to Hire
by Randy Bartels / July 3rd, 2018
Screening Candidates: PCI Requirement 12.7 impacts your human resources department and hiring process. We've focused so much on external risks, but PCI Requirement 12.7…