PCI DSS and Third-Party Risk Management

This article discusses the new requirements associated with the latest version of the PCI Data Security Standard (DSS), version 3.2. It explains the reasoning behind the updated requirements for third-party service providers and describes what must be done to comply with those requirements. It also suggests ways in which organizations that use such providers can develop effective vendor management programs that align with PCI compliance.