[PCI DSS 1.x] 12.8 If cardholder data is shared with service providers, then contractually the following is requir

12.8 If the audited entity shares cardholder data with another company, obtain and examine contracts between the organization and any third parties that handle cardholder data (for example, backup tape storage facilities, managed service providers such as Web hosting companies or security service providers, or those that receive data for fraud modeling purposes). Perform the following: