4.3 Examine documentation and interview personnel to verify that security policies and operational procedures for encrypting transmissions of cardholder data are:
• Documented,
• In use, and
• Known to all affected parties.
Personnel need to be aware of and following security policies and operational procedures for managing the secure transmission of cardholder data on a continuous basis.