| 💼 9.4.1 All media with cardholder data is physically secured. | 2 | | | | no data |
|  💼 9.4.1.1 Offline media backups with cardholder data are stored in a secure location. | | | | | no data |
|  💼 9.4.1.2 The security of the offline media backup location(s) with cardholder data is reviewed at least once every 12 months. | | | | | no data |
| 💼 9.4.2 All media with cardholder data is classified in accordance with the sensitivity of the data. | | | | | no data |
| 💼 9.4.3 Media with cardholder data sent outside the facility is secured. | | | | | no data |
| 💼 9.4.4 Management approves all media with cardholder data that is moved outside the facility. | | | | | no data |
| 💼 9.4.5 Inventory logs of all electronic media with cardholder data are maintained. | 1 | | 6 | | no data |
|  💼 9.4.5.1 Inventories of electronic media with cardholder data are conducted at least once every 12 months. | | | | | no data |
| 💼 9.4.6 Hard-copy materials with cardholder data are destroyed when no longer needed for business or legal reasons. | | | | | no data |
| 💼 9.4.7 Electronic media with cardholder data is destroyed when no longer needed for business or legal reasons. | | | | | no data |