PCI Requirement 12.5.1 – Establish, Document, and Distribute Security Policies and Procedures

Someone to Establish, Document, and Distribute Security Policies and Procedures

Building a PCI compliance program takes teamwork, and according to PCI Requirement 12.5.1, someone must establish, document, and distribute security policies and procedures. This role is crucial because formal documentation, implementation, and maintenance are required. By assigning someone this responsibility, you ensure that security policies will be held to PCI standards.

For this role, it’s important that organizations develop transition and/or succession plans to avoid potential gaps in this security assignment, which could result in responsibilities not being assigned and therefore not performed.

Video Transcript

We need to have somebody that’s formally responsible for developing policies, distributing them, and managing them. It’s not just good enough to develop the policies, we actually need somebody to manage them. From an assessment perspective, we’re looking to define who that physically is.
