| 💼 12.5.1 An inventory of system components that are in scope for PCI DSS, including a description of function/use, is maintained and kept current. | | | 1 | | no data |
| 💼 12.5.2 PCI DSS scope is documented and confirmed by the entity at least once every 12 months and upon significant change to the in-scope environment. | 1 | | | | no data |
|  💼 12.5.2.1 PCI DSS scope is documented and confirmed by the entity at least once every six months and upon significant change to the in-scope environment. | | | | | no data |
| 💼 12.5.3 Significant changes to organizational structure result in a documented (internal) review of the impact to PCI DSS scope and applicability of controls, with results communicated to executive management. | | | | | no data |