When dealing with compliance with the Payment Card Industry-Data Security Standard (PCI-DSS), an
organization that shares card holder information with a service provider MUST do which of the
following?

A.
Perform a service provider PCI-DSS assessment on a yearly basis.

B.
Validate the service provider’s PCI-DSS compliance status on a regular basis.

C.
Validate that the service providers security policies are in alignment with those of the
organization.

D.
Ensure that the service provider updates and tests its Disaster Recovery Plan (DRP) on a yearly
basis.