Blog

If you’ve seen the news lately, you know that breaches stemming from third-party vendors are on the rise, and it seems no organization is truly safe. Whether you’re still actively contracted with a third party or have ceased providing services, recent incidents prove you’re still at risk, making effective third-party risk management (TPRM) a must to avoid what could be disastrous consequences.

These days, it’s not enough to simply secure your organization—you’ve to ensure your vendors are secure as well. More and more, bad actors aren’t stopping at the first line of infiltration—they’re using the access obtained to penetrate through to affect their victim’s supply chain, making it incredibly important for organizations everywhere to maintain effective and comprehensive third-party risk management (TPRM), something that can be elevated by way of an external assessment.

The Payment Card Industry Data Security Standard (PCI DSS) is a global security framework designed to safeguard credit card information, protect sensitive authentication data, and minimize the risk of fraud. The PCI Security Standards Council (SSC) released a set of guidelines detailing how to manage third-party service provider (TPSP) relationships and PCI DSS compliance requirements. In this article, we break down everything you need to know about navigating PCI DSS TPSP requirements for PCI compliance.

If your organization is seeking ISO 27001 certification, and you outsource physical hosting to a third-party vendor, you may be wondering if and how to include them in the scope of your Information Security Management System (ISMS).