The PCI Security Standards Council describes the scope of PCI DSS Requirements as follows:

"The PCI DSS security requirements apply to all system components included in or connected to the cardholder data environment. The cardholder data environment (CDE) is comprised of people, processes and technologies that store, process, or transmit cardholder data or sensitive authentication data."

APEXX will discuss with you how much access to and control over your customers' cardholder data you expect. We will then request the compliance document that is applicable to that level of control (SAQ/ROC/AOC) from you.

The reason we require merchants to demonstrate that they are compliant is that any non-compliant system within the cardholder data environment puts the entire CDE at risk.

Please review your individual situation with your APEXX representative to understand the documentation and compliance requirements applicable to your specific merchant environment.