Top 10 PCI Failing Requirements

Fri 18th Aug 2017
Top 10 PCI Failing Requirements

Top 10 requirements that businesses fail on for PCI compliance.

1) Requirement 12.5.3: Establish, document and distribute security incident response and escalation procedures to ensure timely and effective handling all situations.

2) Requirement 12.6: Implement a formal security awareness program to make all personnel aware of the card holder data security policy and procedures.

3) Requirement 12.10.1: Create the incident response plan to be implemented in the event of system breach.

4) Requirement 12.1: Establish, publish, maintain, and disseminate a security policy

5) Requirement 12.8.5: Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.

6) Requirement 12.8.4: Maintain a program to monitor service providers’ PCI DSS compliance status at least annually

7) Requirement 9.9.2.b: Verify personnel are aware of procedures for inspecting devices and that devices are periodically inspected for evidence of tampering.

8) Requirement 9.9.2.a: Verify documented processes include procedures for inspecting devices and frequency of inspections.

9) Requirement 12.4: Ensure that the security policy and procedures clearly define information security responsibilities for all personnel.

10) Requirement 12.1.1: Review the security policy at least annually and update the policy when the environment changes.

Find Out More Contact Us

Become PCI Compliant