 Outside vendor located on premises
We have an outside vendor located on our premises making credit card sales. If they are not PCI compliant, and/or if their data becomes compromised, what is our liability, considering it will be our shared customer who is affected?

ASKED: February 21, 2009  12:03 AM
UPDATED: February 23, 2009  4:19 PM

Answer Wiki:
Shared premises is not a relevant factor for PCI compliance. You don't face fines for customer information you don't handle. PCI compliance should be a minimal standard. Does your shared customer recognize your organizations as distinct, or do you act as one support organization? Act to meet your customer's expectations. If you wish to present yourselves as a single organization, then recognize that your customer can seek damages from both of you if either of you fails the standard of reasonable care. This is not a PCI issue.
Last Wiki Answer Submitted:  February 21, 2009  6:08 pm  by  Rklanke   1,235 pts.
All Answer Wiki Contributors:  Rklanke   1,235 pts.