Per the Scope ofThere are two options for hosting providers and other third-party service providers to validate compliance:
1) Assessment section of thennual assessment: Service providers can undergo an annual PCI DSS Requirements and Security Assessment Procedures, there are tassessment(s) on their owo options for hosting providers and other third party providers to validate compliance:n and provide evidence to their customers to demonstrate their compliance; or
T2) Multiple, on-demand assessments: If they cando not undergo atheir own annual PCI DSS assessment on their own and provide evidence to their customers to demonstrate their compliances, or
If they do noservice providers must undergo their ownassessments upon request of their customers and/or participate in each of their customer?s PCI DSS assessmentreviews, thewith the results of each review provided to the respective customer(s).
For further details and guidance, refer to the Use of Third-Party can have their services reviewed durService Providers / Outsourcing the course of each of their customer’ssection of the PCI DSS assessments.