Skip to main content

💼 12.9.1 TPSPs acknowledge in writing to customers that they are responsible for the security of account data the TPSP possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer's CDE.

ID: /frameworks/pci-dss-v4.0/12/09/01

Description

Additional requirement for service providers only.

Similar

Sections
- /frameworks/pci-dss-v3.2.1/12/09
- /frameworks/pci-dss-v4.0.1/12/09/01
Internal
- ID: dec-c-5a6b90b7

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v3.2.1 → 💼 12.9 Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer's cardholder data environment.					no data
💼 PCI DSS v4.0.1 → 💼 12.9.1 TPSPs provide written agreements to customers that include acknowledgments that TPSPs are responsible for the security of account data the TPSP possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that the TPSP could impact the security of the customer's cardholder data and/or sensitive authentication data.					no data

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v3.2.1 → 💼 12.9 Service providers acknowledge in writing to customers that they are responsible for the security of cardholder data the service provider possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that they could impact the security of the customer's cardholder data environment.					no data
💼 PCI DSS v4.0.1 → 💼 12.9.1 TPSPs provide written agreements to customers that include acknowledgments that TPSPs are responsible for the security of account data the TPSP possesses or otherwise stores, processes, or transmits on behalf of the customer, or to the extent that the TPSP could impact the security of the customer's cardholder data and/or sensitive authentication data.					no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Description
Similar
Similar Sections (Take Policies From)
Similar Sections (Give Policies To)
Sub Sections