Requirement 12: Maintain a policy that addresses information security for all personnel.
Note: For the purposes of Requirement 12, “personnel” refers to full-time part-time employees, temporary employees and personnel, and
contractors and consultants who are “resident” on the entity’s site or otherwise have access to the company’s site cardholder data environment
Are policies and procedures maintained and
implemented to manage service providers with whom
cardholder data is shared, or that could affect the
security of cardholder data, as follows: