Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.
FAQ #1065 Published

How should a hosting provider demonstrate PCI DSS compliance (as part of their client's assessment or in their own separate assessment)?

Per the Scope of Assessment section of the PCI DSS Requirements and Security Assessment Procedures, there are two options for hosting providers and other third-party providers to validate compliance:

  1. They can undergo a PCI DSS assessment on their own and provide evidence to their customers to demonstrate their compliance, or
  2. If they do not undergo their own PCI DSS assessment, they can have their services reviewed during the course of each of their customers’ PCI DSS assessments.

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.