Since any commercial company or organization that deals with card-based payments has to be PCI compliant, this compliance is one of the most fundamental components of legal and secure business in the e-commerce industry.
There are many aspects of PCI compliance that any company dealing with card payments needs to take note of. These cover logical data security, data encryption, encrypted storage, data-transfer policy, data-sharing policy, privacy rules and other rules.
Today’s access control systems use many modern technologies and are fully integrated with the company's other security measures. Strict access control rules therefore also apply to companies that want to qualify for PCI access control compliance.
Sections 7 and 8 of PCI govern access control compliance. The physical security compliance policy is based on two important rules: need-to-know and zero trust.
According to section 7 of the PCI SSC standard, physical access to card information should be restricted and allowed only to those people who really need to access that information. The entire record of access should be managed. Similarly, section 8 clearly mandates that companies allow ID-based access to the credit card information section, with complete tracking of access records.
Take the following procedural steps to get PCI physical security compliance status for your company.