Top 10 requirements that businesses fail on for PCI compliance.
1) Requirement 12.5.3: Establish, document and distribute security incident response and escalation procedures to ensure timely and effective handling of all situations.
2) Requirement 12.6: Implement a formal security awareness program to make all personnel aware of the cardholder data security policy and procedures.
3) Requirement 12.10.1: Create the incident response plan to be implemented in the event of a system breach.
4) Requirement 12.1: Establish, publish, maintain, and disseminate a security policy.
5) Requirement 12.8.5: Maintain information about which PCI DSS requirements are managed by each service provider, and which are managed by the entity.
6) Requirement 12.8.4: Maintain a program to monitor service providers’ PCI DSS compliance status at least annually.
7) Requirement 9.9.2.b: Verify personnel are aware of procedures for inspecting devices and that devices are periodically inspected for evidence of tampering.
8) Requirement 9.9.2.a: Verify documented processes include procedures for inspecting devices and frequency of inspections.
9) Requirement 12.4: Ensure that the security policy and procedures clearly define information security responsibilities for all personnel.
10) Requirement 12.1.1: Review the security policy at least annually and update the policy when the environment changes.