Document Comparison

PCI_Card_Production_Physical_AOC_V1.pdf PCI_Card_Production_Physical_AOC_v3_2024.pdf
85% similar
8 → 10 Pages
1394 → 1702 Words
16 Content Changes

Content Changes

16 content changes. 10 administrative changes (dates, page numbers) hidden.

Added p. 4
• Was the review done onsite or remotely:

• If remotely, state the rationale:

Section 2: Facilities
Added p. 6
• Security Operations Center This facility operates a SOC (Subject to Appendix C)

• Remote SOC This facility is monitored by a SOC (Subject to Appendix C) Select If yes, indicate the Country, City and Payment Brand Identification Code in the fields below of the remote SOC. If monitored by more than one remote SOC, enter the details for the primary remote SOC.

If the facility was monitored remotely for a period less than the full audit cycle, indicate the start and end dates that the facility was monitored by the remote SOC. If multiple start and end dates apply, enter the first start date and the last end date.

Remote SOC Location: Country: City: Payment Brand Identification Code:

Full Audit Cycle? Select If not, enter the period that the facility was monitored by a remote SOC.

Start date (yyyy/mm/dd):

End date (yyyy/mm/dd):

• Security Control Room This facility operates an SCR and has not been monitored …
Modified p. 2
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance must be completed as a declaration of the results of the card vendor’s assessment with the Payment Card Industry Card Production and Provisioning Physical Security Requirements (PCI CPPLSR). Complete all sections: The card vendor is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the requesting payment brand for reporting and submission procedures.
Section 1: Assessment Information Instructions for Submission This Attestation of Compliance must be completed as a declaration of the results of the card vendor’s assessment with the Payment Card Industry Card Production and Provisioning Physical Security Requirements (PCI CPPPSR). Complete all sections: The card vendor is responsible for ensuring that each section is completed by the relevant parties, as applicable. Contact the requesting payment brand for reporting and submission procedures.
Modified p. 3
Type of Assessment Annual Existing Vendor that added services Initial (New Vendor) Card Production Activities Assessed:
Type of Assessment Annual audit

• no change in activities
Existing location that added activities Initial (new facility) Card Production Activities Assessed:
Modified p. 3
Card (Mobile) Provisioning Activities Assessed:
Mobile Provisioning Activities Assessed:
Modified p. 3
Secure Element Provisioning Services Product/Solution Description Cloud-based (HCE) Provisioning Services Product/Solution Description Part 2c. Locations
Secure Element Provisioning Activities Product/Solution Description Cloud-based (HCE) Provisioning Activities Product/Solution Description
Modified p. 3 → 4
Identify date(s) spent onsite at the entity:
If applicable, identify date(s) spent onsite at the entity:
Modified p. 4 → 5
• Reason why sub-requirement(s) were not applicable
• Reason why sub-requirement(s) were not applicable.
Modified p. 4 → 5
Section 2: Roles and Responsibilities
Section 1: Roles and Responsibilities
Modified p. 4 → 5
Section 4: Production Procedures and Audit Trails
Section 3: Production Procedures and Audit Trails
Modified p. 4 → 5
Section 5: Packaging and Delivery Requirements
Section 4: Packaging and Delivery Requirements
Modified p. 4 → 5
Section 6: PIN Printing and Packaging for Non-personalized Prepaid Cards Appendix B: Logical Security Requirements

• CCTV and Access Control System Administration
Section 5: PIN Printing and Packaging for Non-personalized Prepaid Cards Appendix B: Logical Security Requirements

• CCTV and Access Control System (ACS) Administration
Removed p. 6
Compliant but with Legal exception: One or more requirements are marked “Not in Place” due to a legal restriction that prevents the requirement from being met. This option requires additional review from acquirer or payment brand.
Modified p. 6 → 8
Compliant: All sections of the PCI Card Production and Provisioning Physical Security ROC are complete, all questions answered affirmatively, resulting in an overall COMPLIANT rating; thereby (Card Prodcution and Provisioning Vendoir Company Name) has demonstrated full compliance with the PCI Card Production and Provisioning Physical Security Requirements.
Compliant: All sections of the PCI Card Production and Provisioning Physical Security ROC are complete, all questions answered affirmatively, resulting in an overall COMPLIANT rating; thereby (Card Production and Provisioning Vendor Company Name) has demonstrated full compliance with the PCI Card Production and Provisioning Physical Security Requirements.
Modified p. 6 → 8
Non-Compliant: Not all sections of the PCI Card Production and Provisioning Physical Security ROC are complete, or not all questions are answered affirmatively, resulting in an overall NON-COMPLIANT rating, thereby (Card Prodcution and Provisioning Vendor Company Name) has not demonstrated full compliance with the PCI Card Production and Provisioning Physical Security Requirements.
Non-Compliant: Not all sections of the PCI Card Production and Provisioning Physical Security ROC are complete, or not all questions are answered affirmatively, resulting in an overall NON-COMPLIANT rating, thereby (Card Production and Provisioning Vendor Company Name) has not demonstrated full compliance with the PCI Card Production and Provisioning Physical Security Requirements.
Modified p. 8 → 10
PCI Card Production Description of Requirement Compliant to PCI Card Vendor Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) 2 Roles and Responsibilities 3 Premises 4 Production Procedures and Audit Trails 5 Packaging and Delivery Requirements 6 PIN Printing and Packaging for Non-personalized Prepaid Cards Appendix B Logical Security Requirements

• CCTV and Access Control System Administration
PCI Card Production and Provisioning Physical Section Description of Requirement Compliant to PCI Card Vendor Security Requirements (Select One) Remediation Date and Actions (If “NO” selected for any Requirement) 1 Roles and Responsibilities 2 Facilities 3 Production Procedures and Audit Trails 4 Packaging and Delivery Requirements PIN Printing and Packaging for Non-personalized Prepaid Cards Appendix B Logical Security Requirements

• CCTV and Access Control System Administration