Document Comparison
PCI_Card_Production_Physical_AOC_v3.0.2.pdf
→
PCI_Card_Production_Physical_AOC_v3.0.3.pdf
73% similar
10 → 9
Pages
1705 → 1688
Words
19
Content Changes
Content Changes
19 content changes. 11 administrative changes (dates, page numbers) hidden.
Added
p. 4
Start date: YYYY-MM-DD Completion date: YYYY-MM-DD Part 2c. Security Operations Center and Security Control Room Reporting
• Remote SOC This facility is monitored by a SOC (Subject to Appendix C) Select If yes, indicate the Country, City, and Payment Brand Identification Code of the remote SOC in the fields below. If monitored by more than one remote SOC, enter the details for the primary remote SOC.
Start date: YYYY- MM-DD End date: YYYY- MM-DD
• Remote SOC This facility is monitored by a SOC (Subject to Appendix C) Select If yes, indicate the Country, City, and Payment Brand Identification Code of the remote SOC in the fields below. If monitored by more than one remote SOC, enter the details for the primary remote SOC.
Start date: YYYY- MM-DD End date: YYYY- MM-DD
Modified
p. 2
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance must be completed as a declaration of the results of the card vendor’s assessment with the Payment Card Industry Card Production and Provisioning Physical Security Requirements (PCI CPPPSR). Complete all sections: The card vendor is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the requesting payment brand for reporting and submission procedures.
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance must be completed by the assessor as a declaration of the results of the card vendor’s assessment with the Payment Card Industry Card Production and Provisioning Physical Security Requirements (PCI CPPPSR). All sections must be completed. The assessor is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the requesting payment brand for reporting and submission procedures.
Modified
p. 2
Part 1b. Card Production Security Assessor Company Information (if applicable) Company Name:
Part 1b. Card Production Security Assessor Company Information Company Name:
Modified
p. 3
Type of Assessment Annual audit
• no change in activities Existing location that added activities Initial (new facility) Card Production Activities Assessed:
• no change in activities Existing location that added activities Initial (new facility) Card Production Activities Assessed:
Type of Assessment Annual audit
• no change in activities Existing location that added or removed activities Initial (new facility) Card Production Activities Assessed:
• no change in activities Existing location that added or removed activities Initial (new facility) Card Production Activities Assessed:
Removed
p. 4
Start date (yyyy/mm/dd):
Completion date (yyyy/mm/dd):
Completion date (yyyy/mm/dd):
Modified
p. 4
• Date of Report (yyyy/mm/dd):
• Date of Report: YYYY-MM-DD
Modified
p. 4
Start date (yyyy/mm/dd): Completion date (yyyy/mm/dd):
Start date: YYYY-MM-DD Completion date: YYYY-MM-DD
Modified
p. 5
• Details of specific sub-requirements that were marked as “Not Applicable” in the ROC
• Details of specific sub-requirements that were marked as “Not Applicable” in the ROC.
Removed
p. 6
Start date (yyyy/mm/dd):
• Remote SOC This facility is monitored by a SOC (Subject to Appendix C) Select If yes, indicate the Country, City and Payment Brand Identification Code in the fields below of the remote SOC. If monitored by more than one remote SOC, enter the details for the primary remote SOC.
End date (yyyy/mm/dd):
• Remote SOC This facility is monitored by a SOC (Subject to Appendix C) Select If yes, indicate the Country, City and Payment Brand Identification Code in the fields below of the remote SOC. If monitored by more than one remote SOC, enter the details for the primary remote SOC.
End date (yyyy/mm/dd):
Modified
p. 7 → 6
The assessment documented in this attestation and in the ROC was completed on:
The assessment documented in this attestation and in the ROC was completed on: YYYY-MM-DD Were any requirements in the ROC identified as being not applicable (N/A)? Yes No Were any requirements not tested? Yes No Were any requirements in the ROC unable to be met due to a legal constraint? Yes No
Removed
p. 8
I have read the PCI Card Production and Provisioning Physical Security Requirements and I recognize that I must maintain PCI Card Production Security Requirements compliance, as applicable to my environment, at all times.
Modified
p. 8 → 7
Section 3: Validation and Attestation Details Part 3. PCI Card Production and Provisioning Physical Security Validation Based on the results noted in the ROC dated (completion date), the signatories identified in Parts 3b-3c, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document as of (date): (check one):
Section 3: Validation and Attestation Details Part 3. PCI Card Production and Provisioning Physical Security Validation Based on the results noted in the ROC dated (completion date), the signatories identified in Parts 3a-3b, as applicable, assert(s) the following compliance status for the entity identified in Part 2 of this document as of (date): (check one):
Modified
p. 8 → 7
An entity submitting this form with a status of Non-Compliant may be required to complete the Action Plan in Part 4 of this document. Check with the payment brand(s) before completing Part 4.
Target Date for Compliance: YYYY-MM-DD An entity submitting this form with a status of Non-Compliant may be required to complete the Action Plan in Part 4 of this document. Check with the payment brand(s) before completing Part 4.
Modified
p. 8 → 7
Compliant but with Legal exception: One or more requirements are marked Non-Compliant as “Open” or “New” due to a legal restriction that prevents the requirement from being met. This option requires additional review from the payment brand.
Compliant but with legal exception: One or more requirements are marked Non-Compliant as “Open” or “New” due to a legal restriction that prevents the requirement from being met. This option requires additional review from the payment brand.
Modified
p. 8 → 7
Affected Requirement Details of how legal constraint prevents requirement being met Part 3a. Acknowledgement of Status Signatory(s) confirms:
Affected Requirement Details of how legal constraint prevents requirement from
Modified
p. 8
Date: YYYY-MM-DD Part 3b. Security Assessor Attestation The ROC was completed according to the PCI Card Production and Provisioning Physical Security Requirements, Version (version number), and was completed according to the instructions therein.
Removed
p. 9
Part 3c. Security Assessor Acknowledgement (if applicable) If a Security Assessor was involved or assisted with this assessment, describe the role performed:
Modified
p. 9 → 8
Signature of Assessor Date:
Signature of Assessor Date: YYYY-MM-DD Assessor Name: Assessor Company:
Modified
p. 10 → 9
PCI Card Production and Provisioning Physical Section Description of Requirement Compliant to PCI Card Vendor Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) 1 Roles and Responsibilities 2 Facilities 3 Production Procedures and Audit Trails 4 Packaging and Delivery Requirements PIN Printing and Packaging for Non-personalized Prepaid Cards Appendix B Logical Security Requirements
• CCTV and Access Control System Administration
• CCTV and Access Control System Administration
PCI Card Production and Provisioning Physical Section Description of Requirement Compliant to PCI Card Production and Provisioning Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any requirement) 1 Roles and Responsibilities 2 Facilities 3 Production Procedures and Audit Trails 4 Packaging and Delivery Requirements PIN Printing and Packaging for Non-personalized Prepaid Cards Appendix B Logical Security Requirements
• CCTV and Access Control System Administration
• CCTV and Access Control System Administration