Payment Card Industry Responsibility Matrix

This document is a technical report that outlines the responsibilities associated with maintaining compliance with the Payment Card Industry Data Security Standards (PCI DSS). It delineates the specific obligations of Personify and its clients regarding various PCI DSS requirements. The report includes a detailed matrix that specifies which organization is responsible for each requirement, such as installing and maintaining network security controls, applying secure configurations, protecting stored account data, and ensuring strong cryptography during data transmission. Each requirement is elaborated upon, detailing the responsibilities of both Personify and the client. For instance, it highlights that Personify is responsible for maintaining network security controls and anti-malware mechanisms, while clients are tasked with ensuring proper account protection practices. The document serves as a guide for both parties to understand their roles in achieving and maintaining PCI compliance, ensuring that sensitive cardholder data is adequately protected.