We are not posing that question as a customer; we are posing the question as your IT and Security consultant. We ask because a “YES” answer means that your organization is required by law to put in place certain IT and security practices.
If you handle any type of credit cards or banking information, make sure your organization is in line with PCI DSS (Payment Card Industry Data Security Standard) compliance.