- 12.9.1 Verify that the Incident Response Plan and related procedures include:
  - roles, responsibilities, and communication strategies in the event of a compromise
  - coverage and responses for all critical system components
  - notification, at a minimum, of credit card associations and acquirers
  - strategy for business continuity post compromise
  - reference or inclusion of incident response procedures from card associations
  - analysis of legal requirements for reporting compromises (for example, per California bill 1386, notification of affected consumers is a requirement in the event of an actual or suspected compromise, for any business with California residents in their database)
[PCI DSS 1.x] 12.9.1 Create the incident response plan to be implemented in the event of system compromise. Ensure