If you're classified as a service provider, you are required to implement a process for internal quarterly review of critical security procedures to ensure those procedures are operating effectively. You also need to perform and maintain documentation of the quarterly review process.
Click to see a short video on PCI DSS 3.2’s Section 12.11 and 12.11.1 requirements.
Freed Maxick 12.11 and 12.11.1 Guidance
Quarterly reviews of PCI procedures help to promote accountability within the organization. It is essential to document the results of all quarterly reviews and train employees to be familiar with specific PCI requirements. Retaining appropriate documentation and evidence of quarterly reviews helps to support the completion of required PCI DSS procedures.
Our PCI DSS Resources