Reducing PCI DSS Scope Is A Good Thing, Right?

Absolutely.

100%

At Payment Card Assessments, we’re all in for reducing PCI DSS scope.

But it has to be done the right way. In other words, the PCI DSS compliant way.

Third Party Service Providers (TPSPs) can make or break your PCI DSS Compliance program.

We understand the importance of TPSPs. They’re critical to the success of your business.

For example, if you use a TPSP hosted payment page or iFrame, you can significantly reduce your PCI DSS scope; however, this doesn’t make your PCI DSS Compliance responsibilities magically disappear.

With that in mind, it’s vital that you manage your TPSPs for PCI DSS Compliance so you don’t fall short during your own SAQ or Report on Compliance assessment.

How Payment Card Assessments Can Help You Manage Your In Scope TPSPs

We recently launched a training bundle specific to managing TPSPs and what you need to prove your PCI DSS Compliance with requirements 12.8-12.8.5.

Remember: these requirements apply to all merchants regardless of merchant level or SAQ eligibility. 

In this 20-minute training, we break down PCI DSS requirements 12.8 and 12.9 so you have a full understanding of what you must have in place, regardless of your merchant level, to meet sub-requirements 12.8.1-12.8.5.

If you’re a TPSP, we’re covering PCI DSS requirement 12.9 because as a TPSP, you must help your customers with PCI Compliance.

What’s Included In Our PCI DSS Third Party Service Provider Training Bundle:

  1. Deep dive TPSP training video (20 minutes)
  2. TPSP Assessment Checklist (pdf)
  3. TPSP Tracker (12.8.1 + helps you track 12.8.2 – 12.8.5) (xls)
  4. TPSP Responsibility Matrix (12.8.5) (xls)

If you’re a Pro or Corporate member of our Resource Center, you’ll find this training and our templates there. 

If you’re not a member, you can order this training bundle from our Digital Download Shop.

26 Apr 2024

The Internal Security Assessor’s Guide to Mastering PCI DSS Requirements With Frequencies

A PCI DSS compliance expert highlights the critical role of adhering to defined and periodic frequency requirements in maintaining security measures. Frequent reviews, such as every six months for network security control rule sets, are mandatory. Failure in compliance can lead to severe repercussions for organizations. Payment Card Assessments aids compliance through automation, education, and operation strategies, enhancing program effectiveness. Proper process implementation and training are essential for meeting PCI DSS standards, and leveraging tools like the Requirement Frequency template enhances compliance management.
