Common use of Compliance for In-Scope Services Clause in Contracts

Compliance for In-Scope Services. Vendor covenants and agrees to comply with all information security and privacy obligations imposed by any federal, state, or local statute or regulation, or by any industry standards or guidelines, as applicable based on the classification of the data relevant to Vendor’s performance under the Agreement. Such obligations may arise from: Health Information Portability and Accountability Act (HIPAA); IRS Publication 1075; Payment Card Industry Data Security Standard (PCI-DSS); FBI Criminal Justice Information Service Security Addendum; CMS Minimum Acceptable Risk Standards for Exchanges and further covenants and agrees to maintain compliance with the same when appropriate for the data and Services provided under the Agreement. Vendor further agrees to exercise reasonable due diligence to ensure that all of its Vendors, agents, business partners, Vendor’s, Subcontractors and any person or entity that may have access to City Data under this Agreement maintain compliance with and comply in full with the terms and conditions set out in this Section. Notwithstanding a Force Majeure event, the respective processing, handling, and security standards and guidelines referenced by this section may be revised or changed from time to time or City Data may be utilized within the Services that change the compliance requirements. If compliance requirements change, Vendor and Xxxxxxxx shall collaborate in good faith and use all reasonable efforts to become or remain compliant as necessary under this section. If compliance is required or statutory and no reasonable efforts are available, Xxxxxxxx at its discretion may terminate the Agreement for cause.

Compliance for In-Scope Services. Vendor covenants and agrees to comply with all information security and privacy obligations imposed by any federal, state, or local statute or regulation, or by any industry standards or guidelines, as applicable based on the classification of the data relevant to Vendor’s performance under the Agreement. Such obligations may arise from: Health Information Portability and Accountability Act (HIPAA); IRS Publication 1075; Payment Card Industry Data Security Standard (PCI-DSS); FBI Criminal Justice Information Service Security Addendum; CMS Minimum Acceptable Risk Standards for Exchanges and further covenants and agrees to maintain compliance with the same when appropriate for the data and Services provided under the Agreement. Vendor further agrees to exercise reasonable due diligence to ensure that all of its Vendors, agents, business partners, Vendor’s, Subcontractors and any person or entity that may have access to City Data under this Agreement maintain compliance with and comply in full with the terms and conditions set out in this Section. Notwithstanding a Force Majeure event, the respective processing, handling, and security standards and guidelines referenced by this section may be revised or changed from time to time or City Data may be utilized within the Services that change the compliance requirements. If compliance requirements change, Vendor and Xxxxxxxx shall collaborate in good faith and use all reasonable efforts to become or remain compliant as necessary under this section. If compliance is required or statutory and no reasonable efforts are available, Xxxxxxxx Thornton at its discretion may terminate the Agreement for cause.