"System components are defined as any network component, server, or application that is included in or connected to the cardholder data environment."
If we have supporting non-credit card information (reference number, amount, transaction number, etc.) passed between a card system and another system using, say, IPC, is the other system subject to PABP compliance? This other system does not touch credit card numbers.
What level of separation is required at a DB level? If two applications share a DB, as long as the access control in the non-credit card application is at least as good as PCI/PABP requirements, does this non-credit card application become subject to certification? The sensitive data from the credit card application can be protected using access control.