12.6.2 Require personnel to acknowledge at least annually that they have read and understood the security policy and procedures

PCI DSS v3.2.1 Questions and Answers Forum Maintain an Information Security Policy
1

12.6.2 Require personnel to acknowledge at least annually that they have read and understood the security policy and procedures.

12.6.2 Verify that the security awareness program requires personnel to acknowledge, in writing or electronically, at least annually, that they have read and understand the information security policy.

Requiring an acknowledgement by personnel in writing or electronically helps ensure that they have read and understood the security policies/procedures, and that they have made and will continue to make a commitment to comply with these policies.