Phoenix NAP, LLC (“PNAP”) provides certain services to Client under our standard Master Services Agreement (“MSA”), and those services involve the potential for exposure to credit card data held by Client. In accordance with PCI DSS, Client may be required to adhere to the Payment Card Industry Data Security Standard (PCI DSS) established by the PCI Security Standards Council. PNAP may possess, transmit, store, or otherwise become exposed to cardholder data in the performance of its services provided to Client, and in such cases is considered a “service provider” under the Requirements of Section 12.8 of the PCI DSS.
Under the requirements set forth in Section 12.8.2 of the PCI DSS, Client shall maintain a written agreement that includes an acknowledgement that the service provider is responsible for the security of cardholder data exposed to the service provider. The requirement of Section 12.8.4 of the PCI DSS stipulates that Client shall maintain a program to monitor the service provider’s PCI DSS compliance status. Furthermore, and notwithstanding the foregoing, Client is ultimately responsible for its PCI compliance. Client must ensure that it shall use the services of PNAP in a compliant manner. In any instances for which Client handles, stores, or transmits cardholder data in any way outside of its proprietary systems, Client must ensure this is done in accordance with PCI DSS regulations.
With the foregoing being established, PNAP hereby acknowledges, agrees and confirms the following: