It is important that you isolate your Cardholder Data Environment (CDE) from communicating with any other parts of your network. You can isolate your CDE through a method called segmentation.
There are two ways to segment:
Physical Segmentation
Your card payment systems use completely separate network equipment, such as having a dedicated router just for your payment terminals.
Virtual Segmentation
Your card payment systems are separated using firewall technology that blocks communication between your payment systems and other network areas.
Important Requirement: If you only use Virtual Segmentation then you must conduct annual penetration tests. These tests verify that your virtual segmentation actually works by attempting to breach the barriers protecting your card data systems.
Next steps
If you need penetration testing, contact your IT support team or search for a qualified third-party testing company. They'll test whether your segmentation controls effectively isolate your payment systems from the rest of your network.