Good afternoon - a quick question on the completion of the SA.
We are completing this form with a view to using the Virtual Terminal from the provider SagePay. Where we have to completed the following element:
1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.
Is this a Yes for compliant as they host all the data and system for entering the details?
We will have the PCs in dedicated office entering the details via a Citrix session which will distribute the application with copy/paste blocked, etc.