Common use of Data Security Standards Clause in Contracts

Data Security Standards. You shall: 20.1.15.1. comply with the Data Security Standards. 20.1.15.2. produce to Elavon evidence of compliance with the Data Security Standards on ▇▇▇▇▇▇’s request, save where you are a PCI Level 3 or Level 4 Customers that subscribes to a Solution (as described further in Schedule 2. 20.1.15.3. procure that all Third Party Vendors from whom you receive Value Added Services or Terminals and any agents, sub-contractors or third parties used by you, comply with the Data Security Standards, together with any additional data security standards of the PCI SSC. 20.1.15.4. in the event that you become aware of or suspect any security breach or compromise of Cardholder or Transaction data or information by you or any Third Party Vendors from whom you receive Value Added Services or Terminals and any agents, sub-contractors or third parties used by you (whether or not you have complied with the Data Security Standards): 20.1.15.4.1. immediately (and in any event within 24 hours) notify Elavon of your awareness or suspicion, identify and resolve the cause of the security breach or compromise in question, co-operate, provide any assistance and act on the reasonable instructions of ▇▇▇▇▇▇ (which may include the procurement, at your cost and within the timescales we stipulate, of any forensic report from a third party recommended by us or the Card Schemes, and compliance with all recommendations suggested in such report to improve your data security); 20.1.15.4.2. reasonably procure that where Cardholder or Transaction data or information is stored for you by a Third Party Vendor or your agent, sub-contractor or any third party used by you, that such Third Party Vendor or agent, sub-contractor or third party also co-operates with us and acts on our reasonable instructions as set out in section 20.1.15.4.1 above; 20.1.15.4.3. ensure and procure that ▇▇▇▇▇▇ has the right to review and comment on any forensic investigation report prepared by a forensic investigator (as set out in section 20.1.15.4.1 above), before it is submitted to the Card Schemes; and 20.1.15.4.4. be responsible for your own actions, omissions or failures to act, those of your Affiliates, officers, directors, shareholders, employees and agents, including any Third Party Vendors or agent or sub-contractor or third party with whom you contract to perform services for you in relation to compliance with this section. 20.1.15.5. in the event that we reasonably suspect (including where we are informed by a Card Scheme that they suspect) any security breach or compromise of Cardholder or Transaction data or information by you or any Third Party Vendors from whom you receive Value Added Services or Terminals and any agents, sub-contractors or third parties used by you (whether or not you have complied with the Data Security Standards): 20.1.15.5.1. ((if required by us) instruct at your own cost and within the timescales we stipulate, a forensic report from a third party recommended by us or the Card Schemes, and comply with all recommendations suggested in such report to improve your data security); and 20.1.15.5.2. comply with the provisions of sections 20.1.15.4.2 and 20.1.15.4.4 above as if they apply to this section 20.1.15.5.