💼 12.8 Risk to information assets associated with third-party service provider (TPSP) relationships is managed.

• Contextual name: 💼 12.8 Risk to information assets associated with third-party service provider (TPSP) relationships is managed.

• ID: /frameworks/pci-dss-v4.0/12/08

• Located in: 💼 12 Support Information Security with Organizational Policies and Programs

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 12.8.1 A list of all third-party service providers (TPSPs) with which account data is shared or that could affect the security of account data is maintained, including a description for each of the services provided.
💼 12.8.2 Written agreements with TPSPs are maintained.
💼 12.8.3 An established process is implemented for engaging TPSPs, including proper due diligence prior to engagement.
💼 12.8.4 A program is implemented to monitor TPSPs' PCI DSS compliance status at least once every 12 months.
💼 12.8.5 Information is maintained about which PCI DSS requirements are managed by each TPSP, which are managed by the entity, and any that are shared between the TPSP and the entity.