[PCI DSS 3.0] 10.6.3 Follow up exceptions and anomalies identified during the review process.

10.6.3 Follow up exceptions and anomalies identified during the review process.

10.6.3.a Examine security policies and procedures to verify that procedures are defined for following up on exceptions and anomalies identified during the review process.

10.6.3.b Observe processes and interview personnel to verify that follow-up to exceptions and anomalies is performed.

If exceptions and anomalies identified during the log-review process are not investigated, the entity may be unaware of unauthorized and potentially malicious activities that are occurring within their own network.