Organizations must enact effective third-party risk management (https://www.upguard.com/blog/third-party-risk-management) to ensure their vendors fulfill cybersecurity (https://www.upguard.com/blog/cyber-security) requirements. These fears often overshadow the practical benefits of the standard’s implementation, such as an improved security posture (https://www.upguard.com/blog/security-posture) and more effective TPRM practices.

The PCI Data Security Standard includes a condensed vendor risk management program (https://www.upguard.com/blog/vendor-risk-management-program), sectioned under requirement 12.8, containing five sub-requirements and an additional requirement specifically for third-party service providers.

“Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.”

“Additional requirement for service providers only: Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.”
