{"id":1573,"date":"2022-06-27T09:01:00","date_gmt":"2022-06-27T07:01:00","guid":{"rendered":"http:\/\/10.24.225.70\/?p=1573"},"modified":"2026-04-01T15:23:21","modified_gmt":"2026-04-01T13:23:21","slug":"how-to-determine-and-reduce-pci-dss-scope","status":"publish","type":"post","link":"https:\/\/complior.se\/en\/how-to-determine-and-reduce-pci-dss-scope\/","title":{"rendered":"How to determine and reduce PCI DSS scope"},"content":{"rendered":"<div class=\"wp-block-uagb-container uagb-block-1c95cc62 alignfull uagb-is-root-container\"><div class=\"uagb-container-inner-blocks-wrap\">\n<div class=\"wp-block-group blockera-block blockera-block-627ud4 is-vertical is-layout-flex wp-container-core-group-is-layout-fe9cc265 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-kadence-advancedbtn kb-buttons-wrap kb-btns1573_b5350f-6b\"><a class=\"kb-button kt-button button kb-btn1573_a09aa8-13 kt-btn-size-standard kt-btn-width-type-auto kb-btn-global-fill  kt-btn-has-text-true kt-btn-has-svg-true  wp-block-kadence-singlebtn\" href=\"https:\/\/complior.se\/en\/resources\/\"><span class=\"kb-svg-icon-wrap kb-svg-icon-fe_arrowLeft kt-btn-icon-side-left\"><svg viewbox=\"0 0 24 24\"  fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"  aria-hidden=\"true\"><line x1=\"19\" y1=\"12\" x2=\"5\" y2=\"12\"\/><polyline points=\"12 19 5 12 12 5\"\/><\/svg><\/span><span class=\"kt-btn-inner-text\">Tillbaka till resurser<\/span><\/a><\/div>\n\n\n\n<span class=\"kt-adv-heading1573_3908d0-bd wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_3908d0-bd\">Blog<\/span>\n\n\n\n<h1 class=\"kt-adv-heading1573_4899b6-29 animated fadeIn wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_4899b6-29\">How to determine and reduce PCI DSS scope<\/h1>\n\n\n\n<div class=\"wp-block-group animated fadeIn is-nowrap is-layout-flex wp-container-core-group-is-layout-6c531013 wp-block-group-is-layout-flex\"><div class=\"publish-date-container\">\r\n\t<svg\r\n\t\twidth=\"16\"\r\n\t\theight=\"16\"\r\n\t\tviewbox=\"0 0 24 24\"\r\n\t\tfill=\"none\"\r\n\t\tstroke=\"#4b4b4b\"\r\n\t\tstroke-width=\"2\"\r\n\t\tstroke-linecap=\"round\"\r\n\t\tstroke-linejoin=\"round\"\r\n\t\txmlns=\"http:\/\/www.w3.org\/2000\/svg\"\r\n\t\taria-hidden=\"true\"\r\n\t>\r\n\t\t<rect x=\"3\" y=\"4\" width=\"18\" height=\"18\" rx=\"2\" ry=\"2\"><\/rect>\r\n\t\t<line x1=\"16\" y1=\"2\" x2=\"16\" y2=\"6\"><\/line>\r\n\t\t<line x1=\"8\" y1=\"2\" x2=\"8\" y2=\"6\"><\/line>\r\n\t\t<line x1=\"3\" y1=\"10\" x2=\"21\" y2=\"10\"><\/line>\r\n\t<\/svg>\r\n\t<span class=\"date-text\">\r\n\t\tJun 27, 2022\t<\/span>\r\n<\/div>\n\n\n<h1 class=\"kt-adv-heading1573_136553-56 wp-block-kadence-advancedheading kt-adv-heading-has-icon animated fadeIn delay-100ms\" data-kb-block=\"kb-adv-heading1573_136553-56\"><span class=\"kb-svg-icon-wrap kb-adv-heading-icon kb-svg-icon-fe_clock kb-adv-heading-icon-side-left\"><svg viewbox=\"0 0 24 24\"  fill=\"none\" stroke=\"currentColor\" stroke-width=\"2\" stroke-linecap=\"round\" stroke-linejoin=\"round\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\"  aria-hidden=\"true\"><circle cx=\"12\" cy=\"12\" r=\"10\"\/><polyline points=\"12 6 12 12 16 14\"\/><\/svg><\/span><span class=\"kb-adv-text-inner\">5 min <\/span><\/h1><\/div>\n<\/div>\n\n\n\n<figure class=\"wp-block-kadence-image kb-image1573_91d8b7-5b\"><img loading=\"lazy\" decoding=\"async\" width=\"2560\" height=\"1340\" src=\"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png\" alt=\"Group of pxeople holding desktops\" class=\"kb-img wp-image-73560\" srcset=\"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png 2560w, https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-300x157.png 300w, https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-1024x536.png 1024w, https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-768x402.png 768w, https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-1536x804.png 1536w, https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-2048x1072.png 2048w, https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-18x9.png 18w\" sizes=\"auto, (max-width: 2560px) 100vw, 2560px\" \/><\/figure>\n<\/div><\/div>\n\n\n\n<div class=\"wp-block-uagb-container uagb-block-2eeb7bfc alignfull uagb-is-root-container\"><div class=\"uagb-container-inner-blocks-wrap\">\n<div class=\"wp-block-group blockera-block blockera-block-1xsh9r6 is-vertical is-layout-flex wp-container-core-group-is-layout-b2c973f4 wp-block-group-is-layout-flex\">\n<div class=\"wp-block-group blockera-block blockera-block-1mdgshl is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1573_261907-e9 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_261907-e9\">PCI DSS compliance process<\/h2>\n\n\n\n<p class=\"kt-adv-heading1573_91708f-fa wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_91708f-fa\">The journey towards PCI compliance is not always straightforward. The PCI compliance process is oftentimes very costly and requires a lot of resources. A lot of organizations also struggle to understand what systems need to be protected and have to fulfill the requirements in PCI DSS. Defining scope is a critical process. So how do you define PCI DSS scope? And are there ways to reduce it?<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_1f118a-d2 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_1f118a-d2\">The security standard PCI DSS applies to all entities that store, process, and or transmit cardholder data. The PCI SSC, Payment Card Industry Security Standards Council, lists the following steps in the compliance process.<\/p>\n\n\n\n<ul style=\"font-size:clamp(14px, 0.875rem + ((1vw - 3.2px) * 0.227), 16px);font-style:normal;font-weight:500\" class=\"wp-block-list blockera-block blockera-block-1bldb17 has-manrope-font-family\">\n<li>Scope<\/li>\n\n\n\n<li>Asses<\/li>\n\n\n\n<li>Report<\/li>\n\n\n\n<li>Attest<\/li>\n\n\n\n<li>Submit<\/li>\n\n\n\n<li>Remediate<\/li>\n<\/ul>\n\n\n\n<p class=\"kt-adv-heading1573_e5a6bd-be wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_e5a6bd-be\">The first step in the PCI DSS process is to determine which components and networks are in scope for PCI DSS. The PCI scoping exercise should be done annually and prior to any PCI DSS assessment.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-1qe4hwl is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1573_1597bf-e9 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_1597bf-e9\">What is PCI scope?<\/h2>\n\n\n\n<p class=\"kt-adv-heading1573_8ad78a-59 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_8ad78a-59\">PCI scope is how the PCI Council defines what parts of your environment have to meet the requirements of PCI DSS. What is defined as being in scope for PCI DSS are all the system components that are connected to or located within the cardholder data environment, CDE.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_d1396f-bf wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_d1396f-bf\">According to PCI DSS, the cardholder data environment is comprised of people, processes, and technology that handle cardholder data or sensitive authentication data. In this context, handle means to store, process, and or transmit cardholder data. This means that if your company has assets that store, process or transmit payment card data, they are in scope. The first step towards PCI compliance is about accurately identifying system components that store, process or transmit payment card data.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-1shc16i is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1573_513ddb-3d wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_513ddb-3d\">How do you determine what is in scope?<\/h2>\n\n\n\n<p class=\"kt-adv-heading1573_88c7f2-9f wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_88c7f2-9f\">Best practice when determining scope is to assume that everything is in scope until proven otherwise. Start by identifying flows of cardholder data, as well as locations of cardholder data. You should also identify all system components that are connected to the cardholder data environment. These can include servers, applications, virtual machines, routers, and other virtualized components.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_fb37ca-a4 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_fb37ca-a4\">Systems located within the Cardholder Data Environment are in scope, regardless of their function. Systems that connect to systems within the Cardholder Data Environment are also in scope, regardless of their purpose. In a flat network, all systems are in scope if any system stores, processes, or transmits cardholder data.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_45a8c2-5f wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_45a8c2-5f\">A common mistake is assuming that systems outside the cardholder data environment are automatically out of scope. This is not always true. If a system, even if not directly connected, could impact the security of the CDE if compromised, it must be included in scope.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-1rxitim is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1573_52aeb0-37 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_52aeb0-37\">When is a system out of scope?<\/h2>\n\n\n\n<p class=\"kt-adv-heading1573_3331a4-1a wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_3331a4-1a\">A system is considered out of scope when it is fully isolated from the Cardholder Data Environment. This means that even if the system were compromised, it would not affect the security of the CDE.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-c22ymw is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h2 class=\"kt-adv-heading1573_425840-26 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_425840-26\">How do you reduce PCI DSS scope?<\/h2>\n\n\n\n<p class=\"kt-adv-heading1573_ecfed3-9a wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_ecfed3-9a\">The more systems, processes, and complexity in your IT environment, the more difficult and expensive it becomes to achieve and maintain PCI compliance. Once you have identified what is in scope, reducing that scope should be a priority.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_8a841d-bc wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_8a841d-bc\">Reducing scope can lower compliance costs, reduce operational burden, and minimize the risk of security breaches. While no single technology can eliminate all PCI DSS requirements, there are several effective methods to significantly reduce scope.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_8d0395-46 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_8d0395-46\">Read more <a href=\"https:\/\/www.pcisecuritystandards.org\/documents\/Guidance-PCI-DSS-Scoping-and-Segmentation_v1_1.pdf\">here <\/a><\/p>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-1rxitim is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h3 class=\"kt-adv-heading1573_550e26-56 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_550e26-56\">Network segmentation<\/h3>\n\n\n\n<p class=\"kt-adv-heading1573_0d83f5-07 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_0d83f5-07\">Network segmentation involves isolating the cardholder data environment from the rest of the network. The goal is to prevent out of scope systems from communicating with or impacting systems within the CDE.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-1rxitim is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h3 class=\"kt-adv-heading1573_73a073-52 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_73a073-52\">Tokenization<\/h3>\n\n\n\n<p class=\"kt-adv-heading1573_decd1a-c5 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_decd1a-c5\">Tokenization replaces sensitive cardholder data with non sensitive values known as tokens. These tokens are randomly generated and have no exploitable value. Since tokenized data is not considered cardholder data, systems handling only tokens can be removed from scope.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-1rxitim is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h3 class=\"kt-adv-heading1573_d528bf-33 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_d528bf-33\">Point to Point Encryption P2PE<\/h3>\n\n\n\n<p class=\"kt-adv-heading1573_101d15-12 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_101d15-12\">P2PE protects payment data by encrypting it at the point of interaction, such as when a card is swiped, and keeping it encrypted until it reaches a secure decryption environment. This reduces the risk of data exposure and lowers the number of applicable PCI requirements.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group blockera-block blockera-block-1mlvj36 is-vertical is-layout-flex wp-container-core-group-is-layout-90752e8f wp-block-group-is-layout-flex\">\n<h3 class=\"kt-adv-heading1573_996bd8-96 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_996bd8-96\">Outsourcing<\/h3>\n\n\n\n<p class=\"kt-adv-heading1573_ae9d9e-8b wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_ae9d9e-8b\">Using PCI compliant vendors can significantly reduce scope. By outsourcing to certified providers or using PCI compliant cloud platforms, organizations can offload parts of the compliance burden.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_b6a9ce-af wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_b6a9ce-af\">In some cases, this may reduce requirements to completing a Self Assessment Questionnaire and relying on the vendor\u2019s compliance documentation.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_28ace4-84 wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_28ace4-84\">However, it is important to evaluate both cost and security. The vendor must maintain security standards equal to or higher than your own organization.<\/p>\n\n\n\n<p class=\"kt-adv-heading1573_2561b6-1c wp-block-kadence-advancedheading\" data-kb-block=\"kb-adv-heading1573_2561b6-1c\">Read more <a href=\"https:\/\/complior.se\/en\/compliance-platform\/\">here<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources<\/p>","protected":false},"author":2,"featured_media":73560,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"blogg","format":"standard","meta":{"_editorskit_title_hidden":false,"_editorskit_reading_time":4,"_editorskit_is_block_options_detached":false,"_editorskit_block_options_position":"{}","_eb_attr":"","inline_featured_image":false,"_uag_custom_page_level_css":"","wpm_timeformat":"","_wpm_styles":"","footnotes":""},"categories":[118],"tags":[117,128],"class_list":["post-1573","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogg","tag-blog","tag-pci-dss"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to determine and reduce PCI DSS scope - Complior<\/title>\n<meta name=\"description\" content=\"The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/complior.se\/en\/how-to-determine-and-reduce-pci-dss-scope\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to determine and reduce PCI DSS scope - Complior\" \/>\n<meta property=\"og:description\" content=\"The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources\" \/>\n<meta property=\"og:url\" content=\"https:\/\/complior.se\/en\/how-to-determine-and-reduce-pci-dss-scope\/\" \/>\n<meta property=\"og:site_name\" content=\"Complior\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-27T07:01:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-01T13:23:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1340\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Kikki Bostrom\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kikki Bostrom\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/\"},\"author\":{\"name\":\"Kikki Bostrom\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\"},\"headline\":\"How to determine and reduce PCI DSS scope\",\"datePublished\":\"2022-06-27T07:01:00+00:00\",\"dateModified\":\"2026-04-01T13:23:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/\"},\"wordCount\":782,\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/PCI-DSS-Scope-blog_v-scaled.png\",\"keywords\":[\"Blog\",\"PCI DSS\"],\"articleSection\":[\"Blogg\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/\",\"name\":\"How to determine and reduce PCI DSS scope - Complior\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/PCI-DSS-Scope-blog_v-scaled.png\",\"datePublished\":\"2022-06-27T07:01:00+00:00\",\"dateModified\":\"2026-04-01T13:23:21+00:00\",\"description\":\"The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/#primaryimage\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/PCI-DSS-Scope-blog_v-scaled.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/PCI-DSS-Scope-blog_v-scaled.png\",\"width\":2560,\"height\":1340,\"caption\":\"Group of pxeople holding desktops\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/complior.se\\\/how-to-determine-and-reduce-pci-dss-scope\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/complior.se\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to determine and reduce PCI DSS scope\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/complior.se\\\/#website\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"name\":\"Complior\",\"description\":\"Security beyond compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/complior.se\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/complior.se\\\/#organization\",\"name\":\"Complior\",\"url\":\"https:\\\/\\\/complior.se\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"contentUrl\":\"https:\\\/\\\/complior.se\\\/wp-content\\\/uploads\\\/2025\\\/06\\\/Complior_logo_dark-scaled.png\",\"width\":2560,\"height\":960,\"caption\":\"Complior\"},\"image\":{\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/complior.se\\\/#\\\/schema\\\/person\\\/841f8a57425589a6d7f13c201d345016\",\"name\":\"Kikki Bostrom\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g\",\"caption\":\"Kikki Bostrom\"},\"url\":\"https:\\\/\\\/complior.se\\\/en\\\/author\\\/kikki\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to determine and reduce PCI DSS scope - Complior","description":"The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/complior.se\/en\/how-to-determine-and-reduce-pci-dss-scope\/","og_locale":"en_GB","og_type":"article","og_title":"How to determine and reduce PCI DSS scope - Complior","og_description":"The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources","og_url":"https:\/\/complior.se\/en\/how-to-determine-and-reduce-pci-dss-scope\/","og_site_name":"Complior","article_published_time":"2022-06-27T07:01:00+00:00","article_modified_time":"2026-04-01T13:23:21+00:00","og_image":[{"width":2560,"height":1340,"url":"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png","type":"image\/png"}],"author":"Kikki Bostrom","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Kikki Bostrom","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/#article","isPartOf":{"@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/"},"author":{"name":"Kikki Bostrom","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016"},"headline":"How to determine and reduce PCI DSS scope","datePublished":"2022-06-27T07:01:00+00:00","dateModified":"2026-04-01T13:23:21+00:00","mainEntityOfPage":{"@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/"},"wordCount":782,"publisher":{"@id":"https:\/\/complior.se\/#organization"},"image":{"@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png","keywords":["Blog","PCI DSS"],"articleSection":["Blogg"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/","url":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/","name":"How to determine and reduce PCI DSS scope - Complior","isPartOf":{"@id":"https:\/\/complior.se\/#website"},"primaryImageOfPage":{"@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/#primaryimage"},"image":{"@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/#primaryimage"},"thumbnailUrl":"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png","datePublished":"2022-06-27T07:01:00+00:00","dateModified":"2026-04-01T13:23:21+00:00","description":"The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources","breadcrumb":{"@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/#primaryimage","url":"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png","width":2560,"height":1340,"caption":"Group of pxeople holding desktops"},{"@type":"BreadcrumbList","@id":"https:\/\/complior.se\/how-to-determine-and-reduce-pci-dss-scope\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/complior.se\/"},{"@type":"ListItem","position":2,"name":"How to determine and reduce PCI DSS scope"}]},{"@type":"WebSite","@id":"https:\/\/complior.se\/#website","url":"https:\/\/complior.se\/","name":"Complior","description":"Security beyond compliance","publisher":{"@id":"https:\/\/complior.se\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/complior.se\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/complior.se\/#organization","name":"Complior","url":"https:\/\/complior.se\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/","url":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","contentUrl":"https:\/\/complior.se\/wp-content\/uploads\/2025\/06\/Complior_logo_dark-scaled.png","width":2560,"height":960,"caption":"Complior"},"image":{"@id":"https:\/\/complior.se\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/complior.se\/#\/schema\/person\/841f8a57425589a6d7f13c201d345016","name":"Kikki Bostrom","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3a78a33b10cfcbf5a04f53b522f24d176544c6ab014b5174854b6bb92287e13?s=96&d=mm&r=g","caption":"Kikki Bostrom"},"url":"https:\/\/complior.se\/en\/author\/kikki\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-scaled.png",2560,1340,false],"thumbnail":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-150x150.png",150,150,true],"medium":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-300x157.png",300,157,true],"medium_large":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-768x402.png",768,402,true],"large":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-1024x536.png",1024,536,true],"1536x1536":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-1536x804.png",1536,804,true],"2048x2048":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-2048x1072.png",2048,1072,true],"trp-custom-language-flag":["https:\/\/complior.se\/wp-content\/uploads\/2022\/07\/PCI-DSS-Scope-blog_v-18x9.png",18,9,true]},"uagb_author_info":{"display_name":"Kikki Bostrom","author_link":"https:\/\/complior.se\/en\/author\/kikki\/"},"uagb_comment_info":0,"uagb_excerpt":"The journey towards PCI compliance is not always straightforward. The PCI compliance process can be costly and requires a lot of resources","_links":{"self":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/1573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/comments?post=1573"}],"version-history":[{"count":5,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/1573\/revisions"}],"predecessor-version":[{"id":80192,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/posts\/1573\/revisions\/80192"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media\/73560"}],"wp:attachment":[{"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/media?parent=1573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/categories?post=1573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/complior.se\/en\/wp-json\/wp\/v2\/tags?post=1573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}