Security Basics mailing list archives
PCI Compliance required if outsourcing?
From: "Eggleston, Mark" <meggleston () healthpart com>
Date: Tue, 10 Jun 2008 16:28:35 -0400
Hello PCI experts,

I've seen a lot of info re: PCI on this listserv and was wondering if someone can help me. If a company chooses to outsource PCI compliance to a vendor, what are the PCI regulation requirements? Specifically, if a company uses a vendor/outsources for card payment processing, what are the compliance ramifications?

From what I can tell section 12 applies:

"If cardholder data is shared with service providers, then contractually the following is required:
12.8.1 Service providers must adhere to the PCI DSS requirements
12.8.2 Agreement that includes an acknowledgement that the service provider is responsible for the security of cardholder data the provider possesses."

Anything else here to be concerned with?

Regards,
Mark Eggleston
Manager, Security and Business Continuity
Information Services
(215) 991-4388