
Contract & Liability Review



If third parties and/or Service Providers are involved in the storing, processing or transmission of Cardholder Data, or in the management of systems and security controls that have a direct impact on Cardholder Data security, it is important that Contractual Liability has been clearly defined and that each party is fully aware of its responsibilities for the security of Cardholder Data.


In the Retail Sector, long-standing contracts are not uncommon, and full or partial outsourcing of payment processing is a typical challenge that Qualified Security Assessors should deal with.

It should no longer be acceptable to accept a third-party 'PCI Certification' as a means of proving that Service Providers and Third Parties are compliant.

It is ESSENTIAL that Contracts are in place to ensure liability for a breach caused by any Third Party does not pass to the Merchant.

Blackfoot has considerable experience dealing with Contracts and what variations are required to ensure that Merchants do not end up paying for a breach.