Security Basics mailing list archives
RE: PCI-DSS and MSPs?
From: "Steve Freeman" <freema2 () bellsouth net>
Date: Thu, 18 Dec 2008 08:26:37 -0500
I work for a provider that is PCI compliant. We have two separate environments; one PCI compliant where all businesses hosted in that environment are audited by PCI standards, the other environment contains those businesses hosted that do not have the PCI requirement.

You cannot have businesses that require PCI compliant environments in an environment that does not meet these requirements, but you can host a business that does not require the PCI standards to be applied hosted in an environment that is PCI compliant.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sheldon Alman
Sent: Wednesday, December 17, 2008 1:46 PM
To: security-basics () securityfocus com
Subject: PCI-DSS and MSPs?

Hello,

I work for a Managed Service Provider who provides service to businesses who are required to be PCI compliant as well as businesses who are not. It is my understanding that as an MSP we are required to be PCI compliant. Does this mean that we have to follow PCI compliance procedures/practices with both our PCI and non-PCI customers? Or do we only have to adhere to PCI standards when dealing with those customers who are required to be PCI compliant?

Thanks,