PCI – If you are a merchant, service provider, or sub-service provider who stores, processes, or transmits cardholder data, you know what a challenge it can be to undergo your annual PCI compliance audit. Don’t let the thought of this 394-control framework slow you down. Our exclusive PCI video series walks you through each of the 12 PCI DSS Requirements and their sub-requirements, with examples of how to meet each of the requirements. Start watching this go-to resource today.
The final requirement in PCI Requirement 12 works in conjunction with PCI Requirement 12.11.
If you are a service provider, your organization must comply with PCI Requirement 12.11. It requires that you perform reviews at least quarterly to confirm personnel are following security policies and operational procedures.
Your incident response plan should be easy to modify so that it can be as thorough and up to date as possible.
PCI Requirement 12.10.5 states that your incident response plan should, “Include alerts from security monitoring systems, including but not limited to intrusion-detection, intrusion-prevention, firewalls, and file-integrity monitoring systems.”
PCI Requirement 12.10.4 requires that your organization provide appropriate training to staff with security breach response responsibilities.