So as alluded to before, it seems to be an Insurance (as in PCI ./insurance policies) and/or ass-covering utility. Perhaps not a necessity in every DC?<br><br><div class="gmail_quote">On Mon, Dec 3, 2012 at 10:22 AM, Mark Andrews <span dir="ltr"><<a href="mailto:marka@isc.org" target="_blank">marka@isc.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
In message <<a href="mailto:CAMtDJDKK6Ka3Hgv8Yx%2Btdo-yFLVGWEiJpt8rhAO_Pk78qRvPpA@mail.gmail.com">CAMtDJDKK6Ka3Hgv8Yx+tdo-yFLVGWEiJpt8rhAO_Pk78qRvPpA@mail.gmail.com</a>>, "Joshua D'Alton" writes:<br>
><br>
> Given I replied to you originally thinking you were replying privately vs<br>
> the list, I think it is obvious that the human element is really key, not<br>
> things like CCTV ;P<br>
><br>
> Anyway, I'm sure CCTV is essential for things like PCI, to meet the BS red<br>
> tape, but with regards to the OP post generally, so far we've only heard<br>
> political/red-tape reasons.<br>
<br>
</div>No. It is one method of meeting the standard. The *old* standard<br>
only had CCTV.<br>
<br>
Mark<br>
<br>
<a href="https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf" target="_blank">https://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf</a><br>
<br>
9.1.1 Use video cameras and/or access control mechanisms to monitor<br>
individual physical access to sensitive areas. Review collected<br>
data and correlate with other entries. Store for at least three<br>
months, unless otherwise restricted by law. Note: ―Sensitive areas‖<br>
refers to any data center, server room or any area that houses<br>
systems that store, process, or transmit cardholder data. This<br>
excludes the areas where only point-of-sale terminals are present,<br>
such as the cashier areas in a retail<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Mark Andrews, ISC<br>
1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
PHONE: <a href="tel:%2B61%202%209871%204742" value="+61298714742">+61 2 9871 4742</a> INTERNET: <a href="mailto:marka@isc.org">marka@isc.org</a><br>
</font></span></blockquote></div><br>