7.3 Ensure that security policies and operational procedures for restricting access to cardholder data are documented, in use, and known to all affected parties.
7.3 Examine documentation interview personnel to verify that security policies and operational procedures for restricting access to cardholder data are:
• Documented,
• In use, and
• Known to all affected parties.
Personnel need to be aware of and following security policies and operational procedures to ensure that access is controlled and based on need- to-know and least privilege, on a continuous basis.