On Sep 15, 2014, at 6:21 AM, Mark McCullough <[email protected]> wrote: > The PCI-DSS document specifies very explicitly what makes one in scope vs out > of scope, not only at a system level, but at a network level. If no payment > card data touches your systems or network, you are not PCI impacted.
Not covered under PCI, but you also have to deal with Personally Identifiable user data. This is a valid reason for an audit. -- Jo Rhett +1 (415) 999-1798 Skype: jorhett Net Consonance : net philanthropy to improve open source and internet projects. _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
