PCI Requirement 9.1 – Use Appropriate Facility Entry Controls to Limit and Monitor Physical Access to CDE

by Randy Bartels / May 31, 2023

Limit and Monitor Physical Access

Applying the appropriate physical security and facility entry controls is vital to complying with PCI Requirement 9.1, which states, “Use appropriate facility entry controls to limit and monitor physical access to systems in the cardholder data environment.” Wherever your cardholder data lives, it must be protected. Complying with PCI Requirement 9.1 comes in two parts: limit and monitor. Your organization must limit physical access to…

PCI Requirement 9 – Restrict Physical Access to Cardholder Data

by Randy Bartels / May 31, 2023

Why Should I Restrict Physical Access to Cardholder Data?

What would happen if your organization had no physical access controls protecting cardholder data? Made no effort to restrict physical access to cardholder data? No locks on the doors, no badge or identification system, no security guards, no receptionist? Without physical access controls, you give unauthorized persons a plethora of ways to potentially gain access to your facility and to steal, disable,…

Data Privacy Day 2018

by Sarah Harvey / December 20, 2022

Are You Doing Enough to Protect Customer Data?

In a highly data-driven world, protecting the privacy of customer data is more important than ever. January 28th, a day dedicated as Data Privacy Day, is an international holiday meant to help raise awareness about data privacy best practices. Encouraging companies and individuals to value privacy will help to create a culture of privacy and embolden everyone to properly safeguard data and…

GDPR Readiness: What, Why, and Who

by Sarah Harvey / July 12, 2023

What is GDPR?

The European Union’s General Data Protection Regulation (GDPR) is not just one of many other data protection frameworks or requirements. GDPR is the top regulatory focus of 2018, even among US companies, and is considered to be one of the most significant information security and privacy laws of our time. The applicability of the law follows the data, rather than following a person or location. The scope…

Understanding Your SOC 1 Report: Auditor’s Test of Controls

by Joseph Kirkpatrick / December 20, 2022

The Auditor's Test of Controls: Review, Observe, and Interview

At the end of a SOC 1 Type II report, you’ll find a section titled, “Information Provided by the Independent Service Auditor.” Within this section, you will find “Auditor’s Test of Controls,” which is a description of the controls that were tested during the audit, procedures used for testing these controls, and the results of the testing. The test of controls…