Never reinvent the wheel again. Use our Third Party Service Provider Responsibility Template to ensure full coverage of PCI DSS Requirement 12.8.5.

  • Downloadable Excel File
  • Contains instructions
  • Revision history tab
  • Tabs for each requirement area
  • PCI DSS requirements and testing procedures
  • Columns to indicate if the requirement is the TPSP responsibility, merchant responsibility, or a shared responsibility
  • Additional space for notes

Use this template as part of your comprehensive TPSP Management program.




Third Party Service Providers and PCI DSS Requirement 12.8.5

Merchants and Service Providers alike struggle with this requirement. PCI DSS Requirement 12.8.5 specifically states “Information is maintained about which PCI DSS requirements are managed by each Third Party Service Provider (TPSP), which are managed by the entity, and which are shared.”

We've Made Managing Your TPSPs a Little Easier

If you’re using TPSPs to help reduce your PCI DSS scope, then you must maintain a document which includes the requirements you’ve shifted to your TPSP.

We’ve created a template to help both merchant organizations and service providers clearly state who’s responsible for what requirements.

This document is what your QSA will be reviewing during a Report on Compliance or Self-Assessment, to ensure all requirements are accounted for.

This document will also be used as part of your annual TPSP program review. 

Prior to engaging with your TPSP, go through the responsibility matrix together and make sure you’re in complete agreement on who’s responsible for each PCI DSS requirement.