[PCI DSS 1.x] 9.1 Use appropriate facility entry controls to limit and monitor physical access to systems that sto

9.1 Verify the existence of physical security controls for each computer room, data center, and other physical areas with systems that contain cardholder data

  • Verify that access is controlled with badge readers and other devices including authorized badges and lock and key
  • Observe a system administrator.s attempt to log into consoles for three randomly selected systems in the cardholder environment and verify that they are .locked. to prevent unauthorized use

Is it required physical access control for areas inside your office or headquarter?

If inside of an office or headquarter, you have an area where is only processed transactions with PAN (not stored): Is it required to limit the physical access to that area, in spite in the main entrance there are physical access control for everybody (employees, visitors, contractors, etc.) and the computer and systems use user and password to access them?