How Do I Obtain a Written Agreement for Processing Cardholder Data?
PCI compliance: do you have a standard service agreement statement to answer 12.8.2 Is a written agreement maintained that includes an acknowledgement that the service providers are responsible
Inmotion hosting. I have a vps, passing all scans. I am looking for your standard security boiler plate to have on hand in response to this question.
12.8.2
Is a written agreement maintained that includes an acknowledgement that the service providers are responsible for the security of cardholder data the service providers possess or otherwise store, process, or transmit on behalf of the customer, or to the extent that they could impact the security of the customer's cardholder data environment?
Hello.
Thanks for posting your question regarding a written agreement for PCI compliance and the security of cardholder data. We do not provide a service for processing credit card payments, therefore, we do not have such an agreement.
I recommend you contact the service provider that is processing the payments on your behalf, to request this documentation. If you have built a custom payment processing software that you are running yourself, then you would need to create this agreement.
I hope this helps!
Sincerely,
Carlos D.