What must a PCI-compliant incident response plan include?
-
A
Roles and responsibilities, communication procedures, containment strategies, forensic investigation steps, and recovery procedures
-
B
Only a phone number for the IT department
-
C
A plan to notify customers within one year
-
D
Only a written apology template for affected customers