category:

Third-Party Service Providers

Article

NIST SP 800-171 Framework Series: Personnel Security

Part 9 of CampusGuard’s series covers each of the critical controls from NIST SP 800-171 rev.2 When performing IT security assessments, part of the engagement planning process includes providing the security committee with a list of all suggested departments and individuals that should be included in the assessment interviews.

NIST Framework
Read More about the NIST SP 800-171 Framework Series: Personnel Security
Article

Checklist for Third-Party Service Providers

As you are evaluating potential third-party vendors, you may want to reference this quick checklist to make sure you have all of your PCI “ducks in a row”

Third-Party Service Providers
PCI Third-Party Checklist about the Checklist for Third-Party Service Providers
Article

Vendor Contract Language: Strengthening your Service Provider Agreements

Contracts should contain language that asserts the service provider is currently PCI compliant, will maintain that compliance, and will protect all sensitive data while in their possession. The following sections should be included in all contracts:

PCI DSS
Read More about the Vendor Contract Language: Strengthening your Service Provider Agreements
Article

Securing E-commerce Payment Pages

Generally speaking, the safest option for e-commerce is to use a fully outsourced, PCI-compliant, third- party payment provider whose primary purpose is to securely process payment card transactions.

Third-Party Service Providers
Read More about the Securing E-commerce Payment Pages
Article

PCI Acronym Reference Guide

To help you understand the lingo behind compliance, here are some of the most common terms you might hear in reference to PCI and what exactly they are referring to.

PCI DSS
Read More about the PCI Acronym Reference Guide
Article

Evaluating Third-Party Service Provider PCI Compliance

Any third-party service provider (TPSP) that stores, processes, or transmits cardholder data on behalf of your organization or could impact the security of your customers’ cardholder data, must meet the requirements of the PCI DSS.

PCI DSS
Managing Third-Party Compliance about the Evaluating Third-Party Service Provider PCI Compliance
Article

Wendy’s Payment Card Breach: How a Third-Party Breach Can Affect Your Institution

Your ultimate PCI responsibility will depend on whether your dining service or restaurant is completely separate from your institution or if they a service provider using one of the Merchant IDs assigned by your acquirer.

Third-Party Service Providers
Read More about the Wendy’s Payment Card Breach: How a Third-Party Breach Can Affect Your Institution