💼 12.11 Perform reviews at least quarterly to confirm personnel are following security policies and operational procedures.
- ID:
/frameworks/pci-dss-v3.2.1/12/11
Description​
Additional requirement for service providers only.
Reviews must cover the following processes:
- Daily log reviews
- Firewall rule-set reviews
- Applying configuration standards to new systems
- Responding to security alerts
- Change management processes
Similar​
- Sections
/frameworks/pci-dss-v4.0/12/04/02
- Internal
- ID:
dec-c-663edf0d
- ID:
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v4.0 → 💼 12.4.2 Reviews are performed at least once every three months to confirm that personnel are performing their tasks in accordance with all security policies and operational procedures | 1 | no data |
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 PCI DSS v4.0 → 💼 12.4.2 Reviews are performed at least once every three months to confirm that personnel are performing their tasks in accordance with all security policies and operational procedures | 1 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 12.11.1 Maintain documentation of quarterly review process. | no data |