💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.

Description

Include at least the following:

Coverage for all locations of stored account data.
Coverage for any sensitive authentication data (SAD) stored prior to completion of authorization. This bullet is a best practice until its effective date; refer to Applicability Notes below for details.
Limiting data storage amount and retention time to that which is required for legal or regulatory, and/or business requirements.
Specific retention requirements for stored account data that defines length of retention period and includes a documented business justification.
Processes for secure deletion or rendering account data unrecoverable when no longer needed per the retention policy.
A process for verifying, at least once every three months, that stored account data exceeding the defined retention period has been securely deleted or rendered unrecoverable.

Sections
- /frameworks/pci-dss-v3.2.1/03/01
- /frameworks/pci-dss-v4.0.1/03/02/01
Internal
- ID: dec-c-741d4cc8

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v3.2.1 → 💼 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies.			1		no data
💼 PCI DSS v4.0.1 → 💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.			1		no data

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 PCI DSS v3.2.1 → 💼 3.1 Keep cardholder data storage to a minimum by implementing data retention and disposal policies.			1		no data
💼 PCI DSS v4.0.1 → 💼 3.2.1 Account data storage is kept to a minimum through implementation of data retention and disposal policies, procedures, and processes.			1		no data

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policy	Logic Count	Flags	Compliance
🛡️ AWS RDS Cluster Backup Retention Period is less than 7 days🟢	1	🟢 x6	no data