12.5.3 Establish, document, and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.
12.5.3 Verify that responsibility for establishing,
documenting, and distributing security incident response and escalation procedures is formally assigned.
Each person or team with responsibilities for information security management should be clearly aware of their responsibilities and related tasks, through specific policy. Without this accountability, gaps in processes may open access into critical resources or cardholder data.