
💼 12.8 Maintain and implement policies and procedures to manage service providers with whom cardholder data is shared, or that could affect the security of cardholder data.

Description

Empty...

Similar

  • Internal
    • ID: dec-c-38461ea7

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 12.8.1 Maintain a list of service providers including a description of the service provided.
💼 12.8.2 Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess or otherwise store, process or transmit on behalf of the customer, or to the extent that they could impact the security of the customer's cardholder data environment.
💼 12.8.3 Ensure there is an established process for engaging service providers including proper due diligence prior to engagement.
💼 12.8.4 Maintain a program to monitor service providers' PCI DSS compliance status at least annually.
💼 12.8.5 Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.