PCI DSS v3.2.1 ROC S2 Summary Overview
Summary Overview
2.1 Description of the entity’s payment card business
Provide an overview of the entity’s payment card business, including:
Describe the nature of the entity’s business (what kind of work they do, etc.)
Note: This is not intended to be a cut-and-paste from the entity’s website, but
should be a tailored description that shows the assessor understands the business
of the entity being assessed.
Describe how the entity stores, processes, and/or transmits cardholder data.
Note: This is not intended to be a cut-and-paste from above, but should build on
the understanding of the business and the impact this can have upon the security
of cardholder data.
Describe why the entity stores, processes, and/or transmits cardholder data.
Note: This is not intended to be a cut-and-paste from above, but should build on
the understanding of the business and the impact this can have upon the security
of cardholder data.
Identify the types of payment channels the entity serves, such as card-present
and card-not-present (for example, mail order/telephone order (MOTO),
e-commerce).
PCI DSS v3.2.1 Template for Report on Compliance, Rev. 1.0 June 2018
© 2018 PCI Security Standards Council, LLC. All Rights Reserved. Page 1