Why did my PCI DSS Scope Explode?
It can be extremely frustrating for a compliance team to realize that additional systems are in-scope. It means additional and unexpected security controls and validation. The most stressful time of year for PCI compliance staff, during an onsite assessment, is the worst time to discover new scope. Yet, this problem affects many organizations. Report on Compliance assessments often uncover these unknown scope components, so you are not alone if this happened to you.