top of page
< Back

12.11 PCI DSS (v3.2.1)

Compliance Standard

Compliance Version

Control ID




Requirement 12: Maintain a policy that addresses information security for all personnel


Additional requirement for service providers only: Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures. Reviews must cover the following processes:
• Daily log reviews
• Firewall rule-set reviews
• Applying configuration standards to new systems
• Responding to security alerts
• Change management processes

bottom of page