Test your understanding of requirements 12.8 and 12.9

Merchants must maintain a list of their Third Party Service Providers (TPSPs) along with a description of service(s) the TPSP is providing *

True

False

Merchants must maintain written agreements (contracts, MSAs) where the TPSP acknowledges their responsibility for the security of account data that TPSP stores, processes, or transmits or could impact security of the CDE *

True

False

Vetting or performing due diligence prior to engaging TPSP is not required *

True

False

Merchants must monitor TPSPs PCI DSS compliance at least every 6 months *

True

False

Merchants must maintain information that shows what requirements the TPSP is responsible for, what requirements the merchant is responsible for and what requirements have a shared responsibility *

True

False

TPSPs must support their customers’ PCI DSS compliance *

True

False

TPSPs must provide their ______________ upon customer request *

proof of insurance

business license

PCI DSS compliance status

food order

TPSPs must provide information that shows what requirements the TPSP is responsible for, what requirements the merchant is responsible for and what requirements have a shared responsibility *

True

False

Requirement 12: An overview of the Information Security Policy and Supporting Security Policies and Programs

Test your understanding of requirements 12.8 and 12.9