Meeting PCI DSS Third-Party Risk Requirements | UpGuard

3 years ago www.upguard.com

Summary: This is a summary of an article originally published by the source.

Organizations must enact effective third-party risk management (https://www.upguard.com/blog/third-party-risk-management) to ensure their vendors fulfill cyber security (https://www.upguard.com/blog/cyber-security) requirements. These fears often overshadow the practical benefits of the standard’s implementation, such as security posture (https://www.upguard.com/blog/security-posture) and more effective TPRM practices.

The PCI Data Security Standard includes a condensed vendor risk management program (https://www.upguard.com/blog/vendor-risk-management-program), sectioned under requirement 12.8, containing five sub-requirements and an additional requirement specifically for third-party service providers.

“Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.”

“Additional requirement for service providers only: Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer’s cardholder data environment.”
