Hi Carl, The document appears to be referring to current backups, not old backups. Moving forward, you do need to have your data encrypted on tape, but if you always encrypt the data at rest then this isn't an issue.
Talking to your QSA to make sure you are meeting PCI requirements for your old backups is the best way to be sure. Tom RATEX Business Solutions -----Original Message----- From: u2-users-boun...@listserver.u2ug.org [mailto:u2-users-boun...@listserver.u2ug.org] On Behalf Of Carl Dula Sent: Thursday, April 19, 2012 6:17 AM To: u2-users@listserver.u2ug.org Subject: Re: [U2] Credit Card numbers in your database It appears this list will not allow me to post an attachment, so please take a look at the following to answer your question on tape. https://www.pcisecuritystandards.org/security_standards/documents.php?assocation=PCI%20DSS To see the document (PCI DSS v2.0) you will have to agree to the license. Then download and take a look at both pages 31 and 67. Also lots of other good info in this document and on this site. hope that helps! -------------------------------------------------------------- Carl Dula Voice: 973-227-8440 X111 Pulsar Systems, Inc. Fax: 973-227-8440 271 US Highway 46, STE H209 email:c...@pulsarsystems.com Fairfield, NJ 07004-2474 http://www.pulsarsystems.com _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users _______________________________________________ U2-Users mailing list U2-Users@listserver.u2ug.org http://listserver.u2ug.org/mailman/listinfo/u2-users