The text discusses the withdrawal of the INFI and provides guidance in FAQ #1572 on using compensating controls for non-compliance situations. It details the criteria for assessors to consider when determining if a requirement can be deemed 'In Place', emphasizing the need for documented evidence following best practices. QSAs are advised to heavily document these situations in their workpapers, with key indicators including a repeatable and documented process, addressing the issue that led to the exception, and steps to prevent recurrence
A 'Not in Place' finding may be appropriate if these criteria cannot be adequately demonstrated. This FAQ serves as guidance on moving forward without the INFI, emphasizing the importance of thorough documentation and assessment in determining compliance.https://pciguru.wordpress.com/2024/05/03/pay-attention-to-faq-1572/