| 💼 12.8.1 Maintain a list of service providers including a description of the service provided. | | | | | no data |
| 💼 12.8.2 Maintain a written agreement that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess or otherwise store, process or transmit on behalf of the customer, or to the extent that they could impact the security of the customer's cardholder data environment. | | | | | no data |
| 💼 12.8.3 Ensure there is an established process for engaging service providers including proper due diligence prior to engagement. | | | | | no data |
| 💼 12.8.4 Maintain a program to monitor service providers' PCI DSS compliance status at least annually. | | | | | no data |
| 💼 12.8.5 Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity. | | | | | no data |