As Element Of PCI details security expectations, Bodily cardholder data ought to also be saved in a protected location, such as a locked room or storage spot with restricted entry. The distinction between the differing types of SOC audits lies within the scope and duration from the evaluation: Requirement 8 https://www.nathanlabsadvisory.com/nist-800-cyber-security-frame-work.html