As part of PCI information security specifications, physical cardholder information should even be stored inside a safe location, for instance a locked room or storage region with restricted accessibility. The storage period doesn’t seem proportionate to the goal of obtaining work for anyone during the shorter to medium time period. https://www.nathanlabsadvisory.com/blog/nathan/implementing-iso-27001-at-nathan-lab-advisory-company-a-comprehensive-guide/
