Within the P2PE version 2 the new role of a P2PE Component Provider was introduced. A P2PE Component Provider provides partial P2PE services to a P2PE Solution Provider.

These services are assessed by a P2PE-QSA and the Component Provider receives their own validation report and will be listed as a certified P2PE Component Provider on the official web listing of the PCI Council.

Types of P2PE Component Provider

A P2PE Component Provider provides partial P2PE services to a P2PE Solution Provider. This services can be:

  • Encryption-management services as defined in Domains 1 and 6, including Annex A as applicable
  • Decryption-management services as defined in Domains 5 and 6, including Annex A as applicable
  • Key-Injection Facility services as defined in Annex B of Domain 6, including Annex A as applicable
  • Certification Authority/Registration Authority services as defined in Annex A, Part A2 of Domain 6, including Part A1 as applicable

Relationship between P2PE Solution Provider and Component Provider

The role of P2PE Component Provider allows a P2PE Solution Provider to outsource services to a Component Provider. The P2PE Solution Provider is responsible for monitoring of the compliance of the Component Provider to ensure the compliance of the outsourced services within his solution services.

As the definition of a Component Provider was introduced in version 2 of the P2PE standard, there is no possibility for a P2PE Solution Provider which is validated against version 1 of P2PE to outsource services to a Component Provider.