Third Party Service Provider

nounid 4410·updated May 9, 2026

candidate

GlossaryL1 — what DictionaryL2 — how used ThesaurusL3 — relations Universaleverything

As defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms, a service provider is a business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. There are many types of businesses that could fall into the category of “service provider,” dependent on the services provided. Most commonly, a TPSP could be a legally separate entity; but it can also be a separate business unit or component of the entity under assessment—for example, an internal service provider—where the provider is outside the direct management control of the entity assessed.

MWE

Classifications

per-axis with provenance

Entity Type

Organization85%llm-generatedllm:claude-haiku-4-5

Sensitivity

Regulated90%rule-basedr:sens.regulated.framework.v1

Information Class

Pci88%llm-generatedllm:claude-haiku-4-5

Variants

8 surface forms

synonym: Third-Party Service Provider
alternatephrasing: Third-party service provider
plural: Third Party Service ProvidersThird-party service providers
possessive: Third Party Service Provider'sThird-party service provider's
pluralpossessive: Third Party Service Providers'Third-party service providers'

Framework definitions

2 senses across 2 frameworks

NY DFS Part 500 (NYCRR Title 23, Chapter 1, Part 500)1 senseview framework →

§1: As defined in the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms, a service provider is a business entity that is not a payment brand, directly involved in the processing, storage, or transmission of cardholder data on behalf of another entity. This also includes companies that provide services that control or could impact the security of cardholder data. There are many types of businesses that could fall into the category of “service provider,” dependent on the services provided. Most commonly, a TPSP could be a legally separate entity; but it can also be a separate business unit or component of the entity under assessment—for example, an internal service provider—where the provider is outside the direct management control of the entity assessed.

Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook Infobase, Glossary1 senseview framework →

§1: Any third party to whom a financial institution outsources activities that the institution itself is authorized to perform, including a technology service provider.

Outgoing relationships

term as subject — 0 triples

No outgoing triples

This term is not the subject of any RDF-style relationship yet.

Incoming relationships

term as object — 0 triples

No incoming triples

No other term currently asserts a relationship to this one.