PCI DSS

Updated Feb 18 2025

PCI DSS Responsibility Matrix

At PlasBit, we prioritize the security of your transactions and data. To comply with the Payment Card Industry Data Security Standard (PCI DSS), we have established a clear division of responsibilities: those held by PlasBit, those held by our Third-Party Service Providers (TPSPs), and those that are shared.
A TPSP is an external service provider that helps PlasBit with specific services, such as hosting, payment processing, or managing certain technical infrastructure. These providers play a key role in maintaining PCI DSS compliance, alongside PlasBit’s internal processes.
Below, you will find a detailed responsibility matrix that outlines which PCI DSS requirements are managed by the TPSP, which are handled by PlasBit, and which are shared between the two. This matrix provides transparency into how we ensure the protection of your cardholder data and maintain the highest security standards.

| PCI DSS Requirement | TPSP Responsibility | PlasBit Responsibility | Shared Responsibility |
| --- | --- | --- | --- |
| 1. Install and Maintain a Secure Network | Configure and manage firewalls and routers for TPSP-controlled systems. | Ensure secure configuration of firewalls and routers within PlasBit’s environment. | Collaborate to ensure secure integration between PlasBit’s and TPSP’s network systems. |
| 2. Protect Cardholder Data | Encrypt cardholder data in storage and during transmission within TPSP-managed systems. | Implement encryption for cardholder data handled directly by PlasBit. | Align encryption methods and policies to ensure end-to-end protection of cardholder data. |
| 3. Maintain a Vulnerability Management Program | Regularly patch and update TPSP-managed systems and applications. | Regularly patch and update systems directly managed by PlasBit. | Collaborate to identify, report, and address shared vulnerabilities. |
| 4. Implement Strong Access Control Measures | Enforce access control for TPSP systems, including administrator and user access restrictions. | Enforce access control policies for PlasBit-managed systems and user accounts. | Review and align access control standards for shared systems and data. |
| 5. Regularly Monitor and Test Networks | Monitor logs, detect suspicious activity, and address incidents on TPSP-controlled infrastructure. | Monitor logs and user activities on PlasBit’s internal systems. | Share information on monitoring, logs, and incident response for connected environments. |
| 6. Develop and Maintain Secure Systems | Ensure secure development, configuration, and updates of TPSP-provided applications or services. | Maintain secure configurations and updates for PlasBit’s internally developed or managed systems. | Collaborate to ensure secure integration, testing, and deployment between systems. |
| 7. Restrict Access to Cardholder Data | Limit access to cardholder data in TPSP systems to authorized personnel. | Restrict access to cardholder data managed by PlasBit to authorized personnel. | Conduct regular joint reviews of access policies and privileges. |
| 8. Identify and Authenticate Access | Implement and manage authentication systems for TPSP-controlled environments. | Manage user authentication systems for PlasBit-controlled environments. | Coordinate authentication protocols and ensure strong security measures for shared access points. |
| 9. Restrict Physical Access to Cardholder Data | Secure TPSP data centers and physical environments housing cardholder data. | Secure PlasBit’s office spaces or facilities where cardholder data may be accessed. | Align physical access control policies where shared physical resources exist. |
| 10. Maintain an Information Security Policy | Maintain and enforce security policies for TPSP-provided systems and services. | Maintain security policies for PlasBit’s internal operations and infrastructure. | Align and review security policies affecting shared responsibilities. |
| 11. Incident Response Plan | Develop and execute an incident response plan for TPSP-managed environments. | Develop and execute an incident response plan for PlasBit-managed environments. | Coordinate incident response efforts for shared systems or breaches involving TPSP and PlasBit systems. |

Why This Matters

This matrix ensures transparency and accountability in how we manage PCI DSS compliance. By clearly defining these responsibilities, we work with our TPSPs to maintain robust security measures and deliver a seamless, secure experience for all of our customers.
For any PCI DSS requirements or inquiries, please directly contact our security team at Security@plasbit.com.