PCI DSS 12.3.4: Interpretation of device


Rickard
01-18-2009, 08:57 AM
Hello all!

I'm trying to get a grip on req. 12.3.4 "Labeling of devices with owner, contact information, and purpose".

Is it referring to physical devices, i.e. equipment, or is it logical devices such as hard drives and so on?

Anyone have any background or feedback on this specific requirement?

Take care!

jbhall56
01-18-2009, 02:23 PM
Requirement 12.3.4 is related to mobile objects such as laptops, PDAs, SD cards, magnetic tapes, etc. that process, store or transmit cardholder data (CHD). The idea is that these devices should be labeled for ready identification if they are lost or stolen. A person's name, company address and telephone number should be on the label.

Although, I'm not a fan of the label containing the company's name and "purpose." In my humble opinion a company's name gives a thief an idea that it might be valuable (i.e., First Data, ABC Bank, etc.). And a purpose such as "credit card data storage" or even "information storage" gives a thief a basic idea of what they are stealing.