12.10.4 Personnel responsible for responding to suspected and confirmed security incidents are appropriately and periodically trained on their incident response responsibilities.
Defined Approach Requirements
12.10.4 Personnel responsible for responding to suspected and confirmed security incidents are appropriately and periodically trained on their incident response responsibilities.
Customized Approach Objective
Personnel are knowledgeable about their role and responsibilities in incident response and are able to access assistance and guidance when required.
Defined Approach Testing Procedures
12.10.4 Examine training documentation and interview incident response personnel to verify that personnel are appropriately and periodically trained on their incident response responsibilities.
Purpose
Without a trained and readily available incident response team, extended damage to the network could occur, and critical data and systems may become "polluted" by inappropriate handling of the targeted systems. This can hinder the success of a post-incident investigation.
Good Practice
It is important that all personnel involved in incident response are trained and knowledgeable about managing evidence for forensics and investigations.
Sub-Requirements
Purpose
Review and update the incident response plan at least annually.
Compliance Strategies
- Annual review and update
- Version control
Typical Policies
- Incident Response Plan Review Procedure
Common Pitfalls
- Outdated plan
- No review evidence
Type
Process/Documentation Control
Difficulty
Low
Key Risks
- Ineffective response to new threats
Recommendations
- Automate review reminders
Eligible SAQ
- SAQ-D MERCHANT
- SAQ-D SERVICE PROVIDER