12.1.3 Verify that the information security policy is reviewed at least annually and updated as needed to reflect changes to business objectives or the risk environment
[PCI DSS 1.x] 12.1.3 Includes a review at least once a year and updates when the environment changes
[READ-ONLY] Archives
[RETIRED] PCI DSS v.1.x Questions and Answers
Maintain an Information Security Policy