Regularly test security systems and processes in line with PCI DSS requirements

Regular security assessment of systems and processes is among the key controls mandated by PCI DSS to protect cardholder data.

Requirement 11 of the standard outlines the need for organisations to perform internal and external penetration testing at least annually, or after any significant changes to infrastructure.