Reducing PCI DSS Scope Is A Good Thing, Right?

Absolutely.

100%

At Payment Card Assessments, we’re all in for reducing PCI DSS scope.

But it has to be done the right way. In other words, the PCI DSS compliant way.

Third Party Service Providers (TPSPs) can make or break your PCI DSS Compliance program.

We understand the importance of TPSPs. They’re critical to the success of your business.

For example, if you use a TPSP hosted payment page or iFrame, you can significantly reduce your PCI DSS scope; however, this doesn’t make your PCI DSS Compliance responsibilities magically disappear.

With that in mind, it’s vital that you manage your TPSPs for PCI DSS Compliance so you don’t fall short during your own SAQ or Report on Compliance assessment.

How Payment Card Assessments Can Help You Manage Your In Scope TPSPs

We recently launched a training bundle specific to managing TPSPs and what you need to prove your PCI DSS Compliance with requirements 12.8-12.8.5.

Remember: these requirements apply to all merchants regardless of merchant level or SAQ eligibility. 

In this 20-minute training, we break down PCI DSS requirements 12.8 and 12.9 so you have a full understanding of what you must have in place, regardless of your merchant level, to meet sub-requirements 12.8.1-12.8.5.

If you’re a TPSP, we’re covering PCI DSS requirement 12.9 because as a TPSP, you must help your customers with PCI Compliance.

What’s Included In Our PCI DSS Third Party Service Provider Training Bundle:

  1. Deep dive TPSP training video (20 minutes)
  2. TPSP Assessment Checklist (pdf)
  3. TPSP Tracker (12.8.1 + helps you track 12.8.2 – 12.8.5) (xls)
  4. TPSP Responsibility Matrix (12.8.5) (xls)

If you’re a Pro or Corporate member of our PCI Compliance Toolkit, you’ll find this training and our templates there. 

If you’re not a member, you can order this training bundle from our Digital Download Shop.



31 Jul 2024

Embrace the Suck: PCI DSS Compliance Requires Evidence

As the saying goes, “the proof is in the pudding”

Or in this case, the proof is in your policies, standards, processes, procedures, configuration settings, access control lists, network diagrams, interviews and so much more.

Yes, PCI DSS Compliance is hard.

And it most certainly is a pain in the a$$ to do day in and day out.

Trust me, I’ve been there.

I know what you’re going through.
