3.1 PCI DSS (v3.2.1)

Compliance Standard: PCI DSS
Compliance Version: v3.2.1
Control ID: 3.1

Requirement 3: Protect stored cardholder data

(v3.2.1)

Keep cardholder data storage to a minimum by implementing data retention and disposal policies, procedures and processes that include at least the following for all cardholder data (CHD) storage:
• Limiting data storage amount and retention time to that which is required for legal, regulatory, and/or business requirements
• Specific retention requirements for cardholder data
• Processes for secure deletion of data when no longer needed
• A quarterly process for identifying and securely deleting stored cardholder data that exceeds defined retention.
