Document Comparison

asv_compliance_test_agreement.pdf → asv_compliance_test_agreement_v2.0.pdf
79% similar
13 → 19 Pages
7337 → 9835 Words
22 Content Changes

Content Changes

22 content changes. 25 administrative changes (dates, page numbers) hidden.

Added p. 10
(a) Without limiting the rights of PCI SSC as set forth elsewhere in this Agreement, in the event that PCI SSC determines that Vendor meets any condition for revocation of ASV qualification as established by PCI SSC from time to time, including without limitation, the conditions described in the Validation Requirements (each such condition a “Violation”), PCI SSC may, effective immediately upon notice of such Violation to Vendor, revoke Vendor's qualification as an Approved Scanning Vendor, subject to reinstatement pending a successful appeal in accordance with clause 7.5(b) below ("Revocation"). In the event of any Revocation: (i) Vendor will be removed from the ASV List, (ii) Vendor shall comply with clauses 7.4(i), 7.4(ii) and 7.4(iii) above in the manner otherwise required if this Agreement had been terminated, (iii) Vendor shall promptly inform all Vendor Clients with which it is then engaged to perform testing, scanning or assessment services as part …
Added p. 16
City: State/Province:

City: State/Province:

Country: Postal Code:

Country: Postal Code:

Applicable Fees (see Schedule 1):
Added p. 17
The most current program fees are available at https://www.pcisecuritystandards.org/fees

Testing stage | Observation | Scope | Fee

Initial Testing | Includes one Testing session. | Initial registration; Administrative process; Test infrastructure reservation and actual Test; Assessment of scan results and scan report (English version) | Invoiced upon Effective Date.

Annual Maintenance | Includes one Testing session. | Administrative process; Test infrastructure reservation and actual Test; Assessment of scan results and scan report (English version) | Invoiced upon the date when Annual Maintenance Testing is performed.

New Testing as per clauses 3.1 and 3.2 | Testing of each Security Solution in case of significant changes as provided in clauses 3.1 and 3.2. Includes one Testing session. | Administrative process; Test infrastructure reservation and actual Test; Assessment of scan results and scan report (English version) | Invoiced upon the date when New Testing is performed.

Additional If during initial Testing, annual maintenance Testing and/or Testing pursuant to clauses 3.1 …
Added p. 18
All invoices shall be payable by Vendor within thirty (30) days calculated as from the date of receipt of the invoice. Payment to PCI SSC should be made in US dollars (USD) by wire transfer to PCI SSC's bank account as mentioned on the PCI SSC invoice(s).

The amounts listed in this Schedule 1 do not include taxes, such as value added taxes (VAT), sales, excise, gross receipts and withholding taxes, universal service fund fee, and any similar tax or any government imposed fees or surcharges which may be applicable thereto and Vendor agrees to pay all such applicable taxes or fees, which will be invoiced to Vendor in accordance with local law. Vendor agrees to pay or reimburse PCI SSC for all such taxes or fees, excluding tax on PCI SSC's income. In respect of withholding tax, Vendor will pay such additional amounts as may be necessary, such that PCI …
Added p. 19
Your ASV compliant status, and that of the abovementioned Security Solution, is effective upon dispatch of this Compliance Notification and shall remain valid as provided in the Agreement.

Because ASV compliant status is subject to various limitations, including certain events of termination, you and any third parties should confirm that such compliance status is current and has not been terminated by referring to the list of ASVs published on the PCI SSC web site at http://www.pcisecuritystandards.org.

Thank you for your support of the PCI Approved Scanning Vendor Compliance Test Program.

Yours Sincerely,

****Security Solution to be identified in an appendix to this Compliance Notification****
Removed p. 1
PCICo and Vendor are hereinafter collectively referred to as the "Parties".

E. PCICo is willing to assist and to check whether such Security Solutions are compliant with the
Modified p. 1
A. PCICo is an international consortium of payment systems companies, established by its founding Members to maintain, develop and support the implementation of standards relating to payment account security.
PCI SSC and Vendor are hereinafter collectively referred to as the "Parties." A. PCI SSC is an international consortium of payment systems companies, established by its founding Members to maintain, develop and support the implementation of standards relating to payment account security.
Modified p. 1
B. PCICo offers a cost-effective, global security solution called the PCI Approved Scanning Vendor Compliance Test Program ("ASV Program"), which provides security compliance solution vendors with the ability to deploy security compliance programs to assist their Vendor Clients to better protect against illegitimate network intrusions and account data compromises (collectively, "Vendor Services").
B. PCI SSC offers a cost-effective, global security solution called the PCI Approved Scanning Vendor Compliance Test Program ("ASV Program"), which provides security compliance solution vendors with the ability to deploy security compliance programs to assist their Vendor Clients to better protect against illegitimate network intrusions and account data compromises (collectively, "Vendor Services").
Modified p. 1
C. As part of the ASV Program, PCICo publishes the PCI Standard.
C. As part of the ASV Program, PCI SSC publishes the PCI Standard.
Modified p. 1
PCI Standard and Vendor meets the requirements for PCICo-approved scanning vendors ("ASVs"). In case a Security Solution is deemed compliant with the PCI Standard and Vendor meets such requirements, Vendor will be entitled to present itself to Vendor Clients as an ASV with respect to such Security Solution in the framework of the ASV Program, as provided in this Agreement.
E. PCI SSC is willing to assist and to check whether such Security Solutions are compliant with the PCI Standard and Vendor meets the requirements for PCI SSC-approved scanning vendors ("ASVs"). In case a Security Solution is deemed compliant with the PCI Standard and Vendor meets such requirements, Vendor will be entitled to present itself to Vendor Clients as an ASV with respect to such Security Solution in the framework of the ASV Program, as provided in this Agreement.
Modified p. 1
F. Vendor has submitted an online application form requesting participation in the ASV Program and PCICo has considered Vendor as eligible to move to the initial approval Testing phase of the ASV Program.
F. Vendor has submitted an online application form requesting participation in the ASV Program and PCI SSC has considered Vendor as eligible to move to the initial approval Testing phase of the ASV Program.
Modified p. 2
"Compliance Notification" shall mean the letter in the form attached as Schedule 2, which is hereby incorporated into this Agreement; "Confidential Information" shall mean (i) all terms of this Agreement; (ii) any and all information designated in this Agreement as Confidential Information; (iii) any and all originals or copies of, any information that either Party has identified in writing as confidential at the time of disclosure; and (iv) any and all Personal Information, proprietary information, merchant information, technical information or …
"Compliance Notification" shall mean the letter in the form attached as Schedule 2, which is hereby incorporated into this Agreement; "Confidential Information" shall mean (i) all terms of this Agreement; (ii) any and all information designated in this Agreement as Confidential Information; (iii) any and all originals or copies of, any information that either Party has identified in writing as confidential at the time of disclosure; and (iv) any and all Personal Information, proprietary information, merchant information, technical information or …
Modified p. 2
"Intellectual Property Rights" shall mean all present and future patents, trade marks, service marks, design rights, database rights (whether registrable or unregistrable, and whether registered or not), applications for any of the foregoing, copyright, know-how, trade secrets, and all other industrial or intellectual property rights or obligations whether registrable or unregistrable and whether registered or not in any country; "Member" means a then current member of PCI Security Standards Council, LLC.
"Intellectual Property Rights" shall mean all present and future patents, trade marks, service marks, design rights, database rights (whether registrable or unregistrable, and whether registered or not), applications for any of the foregoing, copyright, know-how, trade secrets, and all other industrial or intellectual property rights or obligations whether registrable or unregistrable and whether registered or not in any country; "Member" means an entity then legally admitted as a member of PCI Security Standards Council, LLC in accordance with the Delaware …
Modified p. 2
"PCI Standard" means the then current version of the PCI Data Security Standard, the current version of which is accessible on the PCICo web site at http://www.pcisecuritystandards.org (the "Website"); "Related Company" shall mean each entity that directly or indirectly, controls, is controlled by, or is under common control with Vendor, and any entity in which Vendor holds any investment in excess of 5%.
"PCI Standard" means the then-current version of the PCI Data Security Standard, the current version of which is accessible on the PCI SSC web site at http://www.pcisecuritystandards.org (the "Website"); "Related Company" shall mean each entity that directly or indirectly, controls, is controlled by, or is under common control with Vendor, and any entity in which Vendor holds any investment in excess of 5%.
Modified p. 2
"Security Solution" means a solution (consisting of the applicable administration process, scanning tools and reporting system for such solution) that Vendor believes is compliant with the PCI Standard and which is to be assessed during the Testing phase of the ASV Program. Each Security Solution is identified and referred to in the applicable Compliance Notification (as further described in clause 5.1(b)).
"Security Solution" means a solution (consisting of the applicable administration process, scanning tools and reporting system for such solution) that Vendor believes is compliant with the PCI Standard and which is to be assessed during the Testing phase of the ASV
Modified p. 2 → 3
"Testing" means evaluating a Security Solution to determine whether or not it complies with the PCI Standard; "Test" and "Tested" will be interpreted accordingly;
"Testing" means evaluating a Security Solution to determine whether or not it complies with the PCI Standard; "Test" and "Tested" will be interpreted accordingly; "Vendor Client" means any member financial institution of a Member (each a "Financial Institution"), issuer of Member payment cards (each an "Issuer"), merchant authorized to accept any Member payment cards (each a "Merchant"), acquirer of Merchant accounts (“Acquirer”) or data processing entity performing services for any Financial Institution, Issuer, Merchant or Acquirer (“Processor”).
Modified p. 3
Clauses 1 to 14 Schedule 1: Fees Schedule 2: Compliance Notification (sample) 2 Vendor obligations 2.1 Vendor shall provide all reasonable assistance as well as accurate information and documentation to PCICo and its agents as may be needed for the purpose of Testing.
Clauses 1 to 14 Schedule 1: Fees Schedule 2: Compliance Notification (sample) 2 Vendor obligations 2.1 Vendor shall provide all reasonable assistance as well as accurate information and documentation to PCI SSC and its agents as may be needed for the purpose of Testing.
Modified p. 5 → 6
(a) As long as Vendor is in Good Standing (as defined below) as an ASV, PCICo may, at its sole discretion, display the identification of Vendor and each Security Solution that complies with the PCI Standard, together with information as to such compliance, in such publicly available list of ASVs as PCICo may maintain and/or distribute from time to time, whether on the Website or otherwise (the "ASV List"). Vendor shall provide all requested information necessary to ensure to PCICo's
(a) As long as Vendor is in Good Standing (as defined below) as an ASV, PCI SSC may, at its sole discretion, display the identification of Vendor and each Security Solution that complies with the PCI Standard, together with information as to such compliance, in such publicly available list of ASVs as PCI SSC may maintain and/or distribute from time to time, whether on the Website or otherwise (the "ASV List"). Vendor shall provide all requested information necessary to ensure …
Modified p. 5 → 6
(b) If Vendor is in Good Standing and PCICo issues a Compliance Notification (in the form set out in Schedule 2) confirming that a given Security Solution is deemed compliant with the PCI Standard and that PCICo has approved Vendor as an ASV, Vendor may disclose and advertise the same and the existence of such Compliance Notification, in accordance with the terms of such Compliance Notification. In the event that Vendor is no longer in Good Standing as an ASV, …
(b) If Vendor is in Good Standing and PCI SSC issues a Compliance Notification (in the form set out in Schedule 2) confirming that a given Security Solution is deemed compliant with the PCI Standard and that PCI SSC has approved Vendor as an ASV, Vendor may disclose and advertise the same and the existence of such Compliance Notification, in accordance with the terms of such Compliance Notification. In the event that Vendor is no longer in Good Standing as …
Modified p. 6
(c) Vendor shall make no use of PCICo or Member marks without the prior written consent of PCICo or the applicable Member that owns such marks, as the case may be. Without limitation of the foregoing, Vendor shall have no authority and consequently shall not make any statement that would constitute any implied or express endorsement, recommendation or warranty by PCICo regarding Vendor, the Vendor Services or products (including but not limited to Vendor's Security Solution(s)) or the functionality, quality …
(c) Vendor shall make no use of PCI SSC or Member marks without the prior written consent of PCI SSC or the applicable Member that owns such marks, as the case may be. Without limitation of the foregoing, Vendor shall have no authority and consequently shall not make any statement that would constitute any implied or express endorsement, recommendation or warranty by PCI SSC regarding Vendor, the Vendor Services or products (including but not limited to Vendor's Security Solution(s)) or …
Removed p. 13
State/Province: Country: Postal Regions Applying For (see Appendix D):
Modified p. 13 → 16
State/Province: Country: Postal Principal Contact Person’s Name:
Principal Contact Person’s Name: