24/7 Incident Response Team
Even if you’re a small organization, PCI Requirement 12.10.3 requires that you designate specific personnel to be available on a 24/7 basis to respond to alerts. The PCI DSS explains, “Without a trained and readily available incident response team, extended damage to the network could occur, and critical data and systems may become ‘polluted’ by inappropriate handling of the targeted systems. This can hinder the success of a post-incident investigation.”
Breaches don’t work around holidays, birthdays, or anniversaries – a breach could happen at any time. How will your organization meet PCI Requirement 12.10.3?
From a PCI DSS perspective, you’re required to have someone available 24/7 to react in the event of a breach. Where we see most organizations struggle with this is if you’re a small organization, perhaps you’re a one- to two- person show, it gets pretty hard to deal with this during holidays, birthdays, and anniversaries, or even on religious days such as the Sabbath. In that situation, you need to take into account how you want to meet the 24/7 requirement, making sure that in the event that there is a breach that somebody is available to respond to those events.