Tuesday, February 19, 2013

PCI Requirement 9: Restrict Physical Access to Cardholder Data

This month’s topic is another of the 12 major requirements of PCI and may be easily overlooked as it does not necessarily involve the IT department or POS software.

This requirement covers physical access to the areas that hold cardholder data in any form: computers and POS terminals, printouts, hard drives, backup tapes and any other media or equipment through which the data could be reached.  Ways to meet this section of PCI DSS include locking the doors to those areas, restricting entry to authorized staff, and identifying employees and visitors with secure badges or access codes so that a visitor is readily distinguishable from an employee.  PCI DSS also expects visitors to be escorted, their badges to expire, and a visitor log to be kept and retained for at least three months. 

Video monitoring of entry and exit points will also help identify who entered or left a sensitive area and when; the standard expects this footage to be reviewed and retained for at least three months unless the law restricts it.  Another best practice is to destroy media that holds cardholder data as soon as it is no longer needed: shred, incinerate or pulp hardcopy, and wipe or physically destroy electronic media so the data cannot be recovered.  The idea is simple: data that no longer exists cannot be compromised. 

The full text of the requirement and the related information supplements can be downloaded from the documents library on the PCI SSC website at https://www.pcisecuritystandards.org/security_standards/documents.php.