PCI Requirement 9.8.2 – Render CHD on Electronic Media Unrecoverable

by Randy Bartels / December 20, 2022

How to Destroy Electronic Media

As part of your data disposal policies, PCI Requirement 9.8.2 requires, “Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed.” There are many methods for destroying electronic media, including:

Secure Wiping – Use a secure, industry-accepted form of wiping to render data on a hard drive unreadable.
Degaussing – Used to destroy data by demagnetizing a magnetic field on…

PCI Requirement 9.8.1 – Shred, Incinerate, or Pulp Hard-Copy Materials so CHD Cannot be Reconstructed

by Randy Bartels / December 20, 2022

How to Dispose of Sensitive Documents

PCI Requirement 9.8.1 requires you take two steps to securely dispose of sensitive documents:

Shred, incinerate, or pulp hardcopy materials so that cardholder data cannot be reconstructed.
Secure storage containers used for materials that are to be destroyed.

Why do you need to use secure storage containers to secure materials that are going to be destroyed anyways? The use of secure storage containers…

PCI Requirement 9.8 – Destroy Media When it is no Longer Needed

by Randy Bartels / December 20, 2022

Data Disposal Policies

PCI Requirement 9.8 aligns with the methodology of many other PCI requirements: If you don’t need it, get rid of it. Remember PCI Requirement 3.1? It requires that organizations keep cardholder data storage to a minimum by implementing data retention and data disposal policies and procedures. PCI Requirement 9.8 is similar. It requires that organizations destroy media when it is no longer needed for business or…

PCI Requirement 9.7.1 – Properly Maintain Inventory Logs of All Media

by Randy Bartels / December 20, 2022

Importance of Inventory Logs

As a part of maintaining strict control over the storage and accessibility of media, PCI Requirement 9.7.1 states, “Properly maintain inventory logs of all media and conduct media inventories at least annually.” Inventory may seem like an overwhelming, massive task to complete every year, but it’s completely necessary. The PCI DSS explains, “If media is not inventoried, stolen or lost media may not be noticed…

PCI Requirement 9.7 – Maintain Strict Control Over the Storage and Accessibility of Media

by Randy Bartels / December 20, 2022

Storage and Accessibility of Media

What if your organization lost cardholder data, but didn’t even know it? Without inventory methods for media and data storage requirements, stolen or missing media could go unnoticed for a long time or maybe not noticed at all. This is why PCI Requirement 9.7 requires, “Maintain strict control over the storage and accessibility of media.” If you do not feel confident about knowing where…