Security Issue Procedures Sample Clauses

Security Issue Procedures. In the event Vendor becomes aware of a Security Issue with respect to a given Listed Product of Vendor (or TPS or Component incorporated into such Listed Product), Vendor shall comply with its Vulnerability Handling Policies and, promptly (but in any event within 90 days of so becoming aware) provide written notice of such Security Issue to PCI SSC (each a “Security Issue Notice”), including in such notice: (1) the names, PCI SSC approval numbers and any other relevant identifiers of each Listed Product of Vendor that Vendor reasonably believes may be impacted by such Security Issue; (2) a description of the general nature of the Security Issue; (3) Vendor’s good faith assessment, to Vendor’s knowledge at the time, as to the severity of the vulnerability or vulnerabilities associated with the Security Issue (using CVSS scoring or an alternative industry accepted standard that is reasonably acceptable to PCI SSC) (a “Severity Assessment”); and (4) Vendor’s good faith determination, based on Vendor’s knowledge at the time, as to whether the Security Issue is a Unique Security Issue (a “Uniqueness Determination”). Upon receipt of any Security Issue Notice, PCI SSC may, in its sole discretion and without any further action: (1) Revoke the Listed Product(s) identified therein and (2) take any or all other action(s) permitted under this Agreement or the Program Documents in connection with a Security Issue. A Listed Product delisted (and/or with respect to which Acceptance has been Revoked) in connection with a Security Issue will not be reinstated or re-listed until all of the following conditions have been satisfied to PCI SSC’s satisfaction: (1) Vendor has released and made available to all users of such Product an appropriate Fix resolving such Security Issue; (2) Vendor has fully executed all of its responsibilities to communicate regarding such Security Issue with all applicable Vendor Customers in accordance with Vendor's Vulnerability Handling Policies; (3) Vendor has engaged an Assessor to perform a Contracted Assessment of such Product as corrected by the Fix (or, if approved by PCI SSC, a Contracted Assessment of the Fix in conjunction with such Product) in accordance with the applicable Program Requirements; (4) Vendor has fully apprised such Assessor of such Security Issue prior to such Assessor commencing such Contracted Assessment; (5) as a result of such Contracted Assessment, such Assessor has delivered to PCI SSC, and PCI SSC has Accepted, a co...
Sample 1Sample 2Sample 3See All (5)
AutoNDA by SimpleDocs
Security Issue Procedures. (A) In the event Vendor becomes aware of a Security Issue with respect to a given Listed Product of Vendor (or TPP incorporated into or referenced by any such Listed Product), Vendor shall comply with its Vulnerability Handling Policies and, promptly (but in any event within 90 days of so becoming aware) provide written notice of such Security Issue to PCI SSC (each a “Security Issue Notice”), including in such notice: (1) the names, PCI SSC approval numbers and any other relevant identifiers of each Listed Product of Vendor (and any TPPs incorporated therein or referenced thereby) that Vendor reasonably believes may be impacted by such Security Issue; (2) a description of the general nature of the Security Issue; (3) Vendor’s good faith assessment, to Vendor’s knowledge at the time, as to the severity of the vulnerability or vulnerabilities associated with the Security Issue (using CVSS scoring or an alternative industry accepted standard that is reasonably acceptable to PCI SSC) (a “Severity Assessment”); and (4) Vendor’s good faith determination, based on Vendor’s knowledge at the time, as to whether the Security Issue is a Unique Security Issue (a “Uniqueness Determination”).
Sample 1
Security Issue Procedures. (A) In the event Vendor becomes aware of a Security Issue with respect to a given Product of Vendor, Vendor shall promptly (but in any event within 24 hours) provide written notice of such Security Issue to PCI SSC (each a “Security Issue Notice”), including in such notice: (1) the name, PCI SSC approval number and any other relevant identifiers of the Product; (2) a description of the general nature of the Security Issue; (3) Vendor’s good faith assessment, to Vendor’s knowledge at the time, as to the severity of the vulnerability or vulnerabilities associated with the Security Issue (using CVSS scoring or an alternative industry accepted standard that is reasonably acceptable to PCI SSC) (a “Severity Assessment”); and (4) Vendor’s good faith determination, based on Vendor’s knowledge at the time, as to whether the Security Issue is a Unique Security Issue (a “Uniqueness Determination”).
Sample 1

Related to Security Issue Procedures

  • Administrative Procedures Administrative procedures with respect to the sale of Notes shall be agreed upon from time to time by the Agents and the Company (the "Procedures"). The Agents and the Company agree to perform the respective duties and obligations specifically provided to be performed by them in the Procedures.

  • AML/KYC Procedures “AML/KYC Procedures” means the customer due diligence (CDD) procedures of a Reporting Financial Institution pursuant to the anti-money laundering or similar requirements of the jurisdiction concerned to which such Reporting Financial Institution is subject.

  • Security Procedures The Fund shall comply with data access operating standards and procedures and with user identification or other password control requirements and other security procedures as may be issued from time to time by State Street for use of the System on a remote basis and to access the Data Access Services. The Fund shall have access only to the Fund Data and authorized transactions agreed upon from time to time by State Street and, upon notice from State Street, the Fund shall discontinue remote use of the System and access to Data Access Services for any security reasons cited by State Street; provided, that, in such event, State Street shall, for a period not less than 180 days (or such other shorter period specified by the Fund) after such discontinuance, assume responsibility to provide accounting services under the terms of the Custodian Agreement.

  • Issue Resolution Procedures As soon as possible after any occupational health and safety issue has been reported, the company’s or management representative and elected safety representative must meet to try to resolve the issue. The resolution of the issue must take into account those of the following factors that are relevant: o Whether the hazard or risk can be isolated o The number and location of employees affected o Whether appropriate temporary measures are possible or desirable o Whether environmental monitoring is desirable o The time that may elapse before the hazard or risk is permanently corrected o Who is responsible for performing work and overseeing the removal of the hazard or risk. As soon as possible after the resolution of an issue, details of the agreement must be brought to the attention of affected employees in an appropriate manner. Should the matter not be resolved, the issue shall be dealt with in line with Clause 20 of the VBIA “Safety Disputes Resolution Procedure”.

  • Application Procedures a) An employee applies for a listing on the system-wide registry through the employee’s Human Resources Department by completing the form in Appendix B.

  • Disbursement Procedures The Issuing Bank shall, promptly following its receipt thereof, examine all documents purporting to represent a demand for payment under a Letter of Credit. The Issuing Bank shall promptly notify the Administrative Agent and the Borrower by telephone (confirmed by telecopy) of such demand for payment and whether the Issuing Bank has made or will make an LC Disbursement thereunder; provided that any failure to give or delay in giving such notice shall not relieve the Borrower of its obligation to reimburse the Issuing Bank and the Lenders with respect to any such LC Disbursement.

  • RECOVERY PROCEDURES The nature and severity of any disaster will influence the recovery procedures. One crucial factor in determining how BellSouth will proceed with restoration is whether or not BellSouth's equipment is incapacitated. Regardless of who's equipment is out of service, BellSouth will move as quickly as possible to aid with service recovery; however, the approach that will be taken may differ depending upon the location of the problem.

  • Policies & Procedures As an employee of the Company, Employee will be expected to abide by all of the Company's policies and procedures, including (without limitation) the terms of any Company handbook, xxxxxxx xxxxxxx policy and code of ethics in effect from time to time.

  • CUSTOMS PROCEDURES 1. Each Party shall endeavour to apply its customs procedures in a predictable, consistent and transparent manner.

  • Notification Procedures To address non-compliance, the receiving Competent Authority would notify the providing Competent Authority pursuant to Article 5 of the IGA. The notification procedures would differ depending upon whether the receiving Competent Authority seeks to address administrative or other minor errors or significant non-compliance.

Time is Money Join Law Insider Premium to draft better contracts faster.