12.5 Assign to an individual or team the following information security management responsibilities: (See 12.5.#)
12.5 Examine information security policies and procedures to verify:
• The formal assignment of information security to a Chief Security Officer or other security-knowledgeable member of management.
• The following information security responsibilities are specifically and formally assigned:
Each person or team with responsibilities for information security management should be clearly aware of their responsibilities and related tasks, through specific policy. Without this accountability, gaps in processes may open access into critical resources or cardholder data.