PCI DSS Responsibility Matrix
At PlasBit, we prioritize the security of your transactions and data. To comply with the Payment Card Industry Data Security Standard (PCI DSS), we have established a clear division of responsibilities between PlasBit and our Third-Party Service Providers (TPSPs), including those responsibilities that are shared between the two.
A TPSP is an external service provider that supports PlasBit with specific services, such as hosting, payment processing, or managing certain technical infrastructure. These providers play a key role in maintaining PCI DSS compliance, alongside PlasBit's internal processes.
Below, you will find a detailed responsibility matrix that outlines which PCI DSS requirements are managed by the TPSP, which are handled by PlasBit, and which are shared between the two. This matrix provides transparency into how we ensure the protection of your cardholder data and maintain the highest security standards.
| PCI DSS Requirement | TPSP Responsibility | PlasBit Responsibility | Shared Responsibility |
|---|---|---|---|
| 1. Install and Maintain a Secure Network | Configure and manage firewalls and routers for TPSP-controlled systems. | Ensure secure configuration of firewalls and routers within PlasBit's environment. | Collaborate to ensure secure integration between PlasBit's and TPSP's network systems. |
| 2. Protect Cardholder Data | Encrypt cardholder data in storage and during transmission within TPSP-managed systems. | Implement encryption for cardholder data handled directly by PlasBit. | Align encryption methods and policies to ensure end-to-end protection of cardholder data. |
| 3. Maintain a Vulnerability Management Program | Regularly patch and update TPSP-managed systems and applications. | Regularly patch and update systems directly managed by PlasBit. | Collaborate to identify, report, and address shared vulnerabilities. |
| 4. Implement Strong Access Control Measures | Enforce access control for TPSP systems, including administrator and user access restrictions. | Enforce access control policies for PlasBit-managed systems and user accounts. | Review and align access control standards for shared systems and data. |
| 5. Regularly Monitor and Test Networks | Monitor logs, detect suspicious activity, and address incidents on TPSP-controlled infrastructure. | Monitor logs and user activities on PlasBit's internal systems. | Share information on monitoring, logs, and incident response for connected environments. |
| 6. Develop and Maintain Secure Systems | Ensure secure development, configuration, and updates of TPSP-provided applications or services. | Maintain secure configurations and updates for PlasBit's internally developed or managed systems. | Collaborate to ensure secure integration, testing, and deployment between systems. |
| 7. Restrict Access to Cardholder Data | Limit access to cardholder data in TPSP systems to authorized personnel. | Restrict access to cardholder data managed by PlasBit to authorized personnel. | Conduct regular joint reviews of access policies and privileges. |
| 8. Identify and Authenticate Access | Implement and manage authentication systems for TPSP-controlled environments. | Manage user authentication systems for PlasBit-controlled environments. | Coordinate authentication protocols and ensure strong security measures for shared access points. |
| 9. Restrict Physical Access to Cardholder Data | Secure TPSP data centers and physical environments housing cardholder data. | Secure PlasBit's office spaces or facilities where cardholder data may be accessed. | Align physical access control policies where shared physical resources exist. |
| 10. Maintain an Information Security Policy | Maintain and enforce security policies for TPSP-provided systems and services. | Maintain security policies for PlasBit's internal operations and infrastructure. | Align and review security policies affecting shared responsibilities. |
| 11. Incident Response Plan | Develop and execute an incident response plan for TPSP-managed environments. | Develop and execute an incident response plan for PlasBit-managed environments. | Coordinate incident response efforts for shared systems or breaches involving TPSP and PlasBit systems. |
Why This Matters
This matrix ensures transparency and accountability in how we manage PCI DSS compliance. By clearly defining these responsibilities, we work with our TPSPs to maintain robust security measures and deliver a seamless, secure experience for all of our customers. For any PCI DSS requirements or inquiries, please contact our security team directly at Security@plasbit.com.