Cardholder Data. To the extent applicable, Successful Respondent shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Successful Respondent shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of, or otherwise unauthorized access to, Cardholder Data stored by or for Successful Respondent, Successful Respondent shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s facilities and all pertinent records to conduct a review of Successful Respondent’s compliance with these requirements. Successful Respondent shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, or failure of Successful Respondent’s primary data systems which involve a risk to Cardholder Data. Successful Respondent shall provide access to its security systems and procedures, as requested by DIR or its designee. Successful Respondent shall cooperate fully with any reviews of their facilities and records provided for in this Section. Successful Respondent will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Appears in 5 contracts
Samples: Mainframe Services Master Services Agreement, Master Services Agreement, Master Services Agreement
Cardholder Data. To the extent applicable, Successful Respondent shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Center, Successful Respondent shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIR, or as required by applicable law. In the event of a breach or intrusion of, or otherwise unauthorized access to, Cardholder Data stored by or for Successful Respondent, Successful Respondent shall immediately notify DIR, in the manner required, and provide DIR or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s facilities and all pertinent records to conduct a review of Successful Respondent’s compliance with these requirements. Successful Respondent shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, or failure of Successful Respondent’s primary data systems which involve a risk to Cardholder Data. Successful Respondent shall provide access to its security systems and procedures, as reasonably requested by DIR or its designee. Successful Respondent shall cooperate fully with any reviews of their facilities and records provided for in this SectionSection 13.5(d). Successful Respondent will comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Appears in 2 contracts
Samples: Master Services Agreement, Master Services Agreement
Cardholder Data. To the extent applicablemade applicable in connection with its delivery of the Services as expressly set forth in Exhibit 2 or a Work Order, Successful Respondent Service Provider shall comply with the Payment Card Industry Data Security Standard ("PCI DSS") with respect to Cardholder Data as defined therein. With respect to Services provided from a Consolidated Data Center or that support a Consolidated Data Centersuch Services, Successful Respondent Service Provider shall have access to Cardholder Data only for the limited purpose of performing the Services or as specifically agreed to by Visa, MasterCard, American Express, and/or Discover (collectively, the "Issuers"), DIRTxDOT, or as required by applicable law. In the event of a breach or intrusion of, of or otherwise unauthorized access to, to Cardholder Data stored by or for Successful RespondentService Provider, Successful Respondent Service Provider shall immediately notify DIRTxDOT, in the manner required, and provide DIR TxDOT or its designee, the Issuers, and the acquiring financial institution and their respective designees access to Successful Respondent’s Service Provider's facilities and all pertinent records to conduct a review of Successful Respondent’s Service Provider's compliance with these requirements. Successful Respondent Service Provider shall maintain appropriate business continuity procedures and systems to ensure security of Cardholder Data in the event of a disruption, disaster, disaster or failure of Successful Respondent’s Service Provider's primary data systems which involve a risk to Cardholder Data. Successful Respondent Service Provider shall provide access to its security systems and procedures, as reasonably requested by DIR TxDOT or its designee. Successful Respondent Service Provider shall cooperate fully with any reviews of their facilities and records provided for in this SectionSection 13.5(d). Successful Respondent will Service Provider shall comply with any assessment, validation, or verification of PCI DSS rules and regulations.
Appears in 1 contract
Samples: Master Services Agreement
