PCI DSS compliance

1.1.6 Documentation and business justification for services

1.1.6 Documentation and Services

While this particular control of the PCI DSS standard is about the documentation and justification of running particular services, we can use this information regarding our IT controls as well. Business critical services for example, may require additional safeguards. Since PCI is about processing of payments and related data, we should ensure that our systems are "clean". That means, every system should do a single job very well and not be cluttered with all kind of strings to other systems.