Cardholder Data. To the extent applicable, Successful Respondent shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Successful Respondent shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of, or otherwise unauthorized access to, Cardholder Data stored by or for Successful Respondent, Successful Respondent shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s facilities and all pertinent records to conduct a review of Successful Respondent’s compliance with these requirements. Successful Respondent shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, or failure of Successful Respondent’s primary data systems which involve a risk to Cardholder Data. Successful Respondent shall provide access to its security systems and procedures, as requested by DIR or its designee. Successful Respondent shall cooperate fully with any reviews of their facilities and records provided for in this Section. Successful Respondent will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Appears in 5 contracts
Samples: Master Services Agreement, Master Services Agreement, Master Services Agreement
Cardholder Data. To the extent applicable, Successful Respondent shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Successful Respondent shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of, or otherwise unauthorized access to, Cardholder Data stored by or for Successful Respondent, Successful Respondent shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s facilities and all pertinent records to conduct a review of Successful Respondent’s compliance with these requirements. Successful Respondent shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, or failure of Successful Respondent’s primary data systems which involve a risk to Cardholder Data. Successful Respondent shall provide access to its security systems and procedures, as reasonably requested by DIR or its designee. Successful Respondent shall cooperate fully with any reviews of their facilities and records provided for in this SectionSection 13.5(d). Successful Respondent will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Appears in 2 contracts
Samples: Master Services Agreement, Master Services Agreement
Cardholder Data. To the extent applicablerequired by applicable law, Successful Respondent shall comply shall, in performing its development and maintenance services hereunder, develop and maintain Deliverables for the applicable DIR or DIR Customer System such that it complies with the Payment Card Industry Data Security Standard ("PCI DSS") ), as applicable, with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Successful Respondent shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of, or otherwise unauthorized access to, Cardholder Data stored by or for Successful Respondent, Successful Respondent shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s facilities and all pertinent records to conduct a review of Successful Respondent’s compliance with these requirementssuch breach, intrusion, or unauthorized access. Successful Respondent shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, or failure of Successful Respondent’s primary data systems which involve a risk to Cardholder Data. Successful Respondent shall provide access to its security systems and procedures, as requested by DIR or its designee. Successful Respondent shall cooperate fully with any reviews of their facilities and records provided for in this Section. Successful Respondent will comply with any assessment, validation, or verification of the Deliverables for their compliance with applicable PCI DSS rules and regulations.
Appears in 1 contract
Samples: Master Services Agreement
