PCI Requirement 12.5.1 – Establish, Document, and Distribute Security Policies and Procedures

by Randy Bartels / July 3rd, 2018

Someone to Establish, Document, and Distribute Security Policies and Procedures

Building a PCI compliance program takes teamwork, and according to PCI Requirement 12.5.1, someone must establish, document, and distribute security policies and procedures. This role is crucial because formal documentation, implementation, and maintenance are required. By assigning someone this responsibility, you ensure that security policies will be held up to PCI standards.

For this role, it’s important that organizations develop transition and/or succession plans to avoid potential gaps in this security assignment, which could result in responsibilities not being assigned and therefore not performed.

We need to have somebody that’s formally responsible for developing policies, distributing them, and managing them. It’s not just good enough to develop the policies; we actually need somebody to manage them. From an assessment perspective, we’re looking to define who that physically is.