Requirement 12.9.1

Create the incident

response plan to be implemented in the event of system breach. Ensure the plan addresses the following, at a minimum:

␣ Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum

␣ Specific incident response procedures

␣ Business recovery and continuity procedures

␣ Data back-up processes ␣ Analysis of legal requirements

for reporting compromises ␣ Coverage and responses of all

critical system components ␣ Reference or inclusion of

incident response procedures from the payment brands