PCI DSS Addendum

1. Payment Card Industry Data Security Standard (“PCI DSS”)

PDQ Digital Media, LLC (“PDQ”) provides certain services to Client under our standard Master Services Agreement (“MSA”), and those services involve the potential for exposure to credit card data held by Client. In accordance with PCI DSS, Client may be required to adhere to the Payment Card Industry Data Security Standard (PCI DSS) established by the PCI Security Standards Council. PDQ may possess, transmit, store, or otherwise become exposed to cardholder data in the performance of its services provided to Client, and in such cases is considered a “service provider” under the Requirements of Section 12.8 of the PCI DSS.

Under the requirements set forth in Section 12.8.2 of the PCI DSS, Client shall maintain a written agreement that includes an acknowledgement that the service provider is responsible for the security of cardholder data exposed to the service provider. The requirement of Section 12.8.4 of the PCI DSS stipulates that Client shall maintain a program to monitor the service provider’s PCI DSS compliance status. Furthermore, and notwithstanding the foregoing, Client is ultimately responsible for its PCI compliance. Client must ensure that it shall use the services of PDQ in a compliant manner. In any instances for which Client handles, stores, or transmits cardholder data in any way outside of its proprietary systems, Client must ensure this is done in accordance with PCI DSS regulations.

2. Attestation of Responsibility

With the foregoing being established, PDQ hereby acknowledges, agrees and confirms the following:

  1. PDQ is responsible for the security of cardholder data that we possess, process, transmit or are otherwise exposed to on behalf of Client.
  2. PDQ confirms that, as of the date of this statement, we have complied with all applicable requirements to be considered PCI DSS compliant, and have performed the necessary steps to validate our compliance with the PCI DSS Standards.
  3. Upon receipt of Client’s request, PDQ shall inform Client of our current PCI DSS compliance status and evidence of our most recent validation of compliance in writing.
  4. PDQ shall inform Client as soon as practically possible in the event that we are no longer PCI DSS compliant, and further we will inform Client concerning the steps being taken to remediate the non-compliance status; and
  5. PDQ acknowledges that our failure to be and remain PCI DSS compliant will be the grounds for immediate termination of our Agreement without penalty to Client.

 

Last Update: 04/17/2020 - 18:52pm