💼 12.1 A comprehensive information security policy that governs and provides direction for protection of the entity's information assets is known and current.

• Contextual name: 💼 12.1 A comprehensive information security policy that governs and provides direction for protection of the entity's information assets is known and current.

• ID: /frameworks/pci-dss-v4.0/12/01

• Located in: 💼 12 Support Information Security with Organizational Policies and Programs

Description

Empty...

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 12.1.1 An overall information security policy is established, published, maintained, and disseminated to all relevant personnel, as well as to relevant vendors and business partners.
💼 12.1.2 The information security policy is reviewed at least once every 12 months, and updated as needed to reflect changes to business objectives or risks to the environment.
💼 12.1.3 The security policy clearly defines information security roles and responsibilities for all personnel, and all personnel are aware of and acknowledge their information security responsibilities.
💼 12.1.4 Responsibility for information security is formally assigned to a Chief Information Security Officer or other information security knowledgeable member of executive management.