[PCI DSS 3.0] 12.4 Ensure that the security policy and procedures clearly define information security responsibili

12.4 Ensure that the security policy and procedures clearly define information security responsibilities for all personnel.

12.4.a Verify that information security policies clearly define information security responsibilities for all personnel.

12.4.b Interview a sample of responsible personnel to verify they understand the security policies.

Without clearly defined security roles and responsibilities assigned, there could be inconsistent interaction with the security group, leading to unsecured implementation of technologies or use of outdated or unsecured technologies.