3.7 Examine documentation and interview personnel to verify that security policies and operational procedures for protecting stored cardholder data are:
• Documented,
• In use, and
• Known to all affected parties.
Personnel need to be aware of and following security policies and documented operational procedures for managing the secure storage of cardholder data on a continuous basis.