Good afternoon - a quick question on the completion of the SA.

We are completing this form with a view to using the Virtual Terminal from the provider SagePay. Where we have to completed the following element:

1.2.1 Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment, and specifically deny all other traffic.

Is this a Yes for compliant as they host all the data and system for entering the details?

We will have the PCs in dedicated office entering the details via a Citrix session which will distribute the application with copy/paste blocked, etc.

Many thanks