>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

TPM-07Cardholder Data Security Agreement

>Control Description

Organization managed service providers that manage, store, or transmit cardholder data on behalf of the customer must provide written acknowledgement to customers of their responsibility to protect cardholder data and the cardholder data environment.

Theme

Process

Type

Preventive

Policy/Standard

Vendor Information Security Policy

>Implementation Guidance

1. Ensure that a process is defined and documented for all the managed service providers that manage, store, or transmit cardholder data on behalf of the customer to provide a written acknowledgement to customers of their responsibility to protect cardholder data and the cardholder data environment.

>Testing Procedure

1. Validate for a sample Managed Service Provider that they have provided acknowledgement to customers of their responsibility to protect cardholder data and the cardholder data environment.

>Audit Artifacts

E-TPM-12

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

PCI DSS
3

12.9
12.9.1
12.9.2

Ask AI

Configure your API key to use AI features.