top of page
< Back

12.10.1 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 12: Maintain a policy that addresses information security for all personnel


Create the incident response plan to be implemented in the event of system breach. Ensure the plan addresses the following, at a minimum:
• Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum
• Specific incident response procedures
• Business recovery and continuity procedures
• Data backup processes
• Analysis of legal requirements for reporting compromises
• Coverage and responses of all critical system components
• Reference or inclusion of incident response procedures from the payment brands.

bottom of page