PCI DSS 3.2 Req 12.11 and 12.11.1 - Views on Performing Quarterly Reviews and Maintaining Documentation of Quarterly Review Process

Back to main Blog

Senior Manager, Freed Maxick Risk Advisory Services

If you're classified as a service provider, you are required to implement a process for internal quarterly review of critical security procedures to ensure those procedures are operating effectively. You also need to perform and maintain documentation of the quarterly review process.

Click to see a short video on PCI DSS 3.2’s Section 12.11 and 12.11.1 requirements. 



Freed Maxick 12.11 and 12.11.1 Guidance   

Quarterly reviews of PCI procedures help to promote accountability within the organization. It is essential to document the results of all quarterly reviews and train employees to be familiar with specific PCI requirements. Retaining appropriate documentation and evidence of quarterly reviews helps to support the completion of required PCI DSS procedures.


Our PCI DSS Resources 

For more guidance on this issue and other PCI DSS requirements, read our blog post on new requirements for 2018, and see an overview of Freed Maxick PCI DSS Compliance services here. 

For a more detailed discussion of your organization’s situations and needs, contact us here or call me at 716.847.2651.


Stay up to date