“System components are defined as any network component, server, or application that is included in or connected to the cardholder data environment.”
If we have supporting non-credit card information (reference number, amount, transaction number, etc.) passed between a card system and another system using, say, IPC, is the other system subject to PABP compliance? This other system does not touch credit card numbers.
What level of separation is required at a DB level? If two applications share a DB, as long as the access control in the non-credit card application is at least as good as PCI/PABP requirements, does this non-credit card application become subject to certification? The sensitive data from the credit card application can be protected using access control.