Common use of Compliance with Security Policies and Procedures Clause in Contracts

Compliance with Security Policies and Procedures. CONTRACTOR shall comply with: (i) security requirements and obligations required by applicable law; (ii) AGENCY Security Policies and Procedures; (iii) the then-current ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) ISO/IEC 27000 series of Information Security Management Systems standards; (iv) then-current Statement on Standards for Attestation Engagements (SSAE) No. 16, (v) then-current Payment Card Industry Data Security Standard (PCI DSS), and (vi) CONTRACTOR's security standards, policies, guidelines and procedures, provided that, at AGENCY’s discretion, AGENCY Security Policies and Procedures shall take precedence over any inconsistencies or conflicts with CONTRACTOR's security standards, polices, guidelines and procedures (subsections (i) through (iv) are collectively referred to as the "Security Policies and Procedures"). If there is a change in the Security Policies and Procedures from and after the Effective Date that CONTRACTOR disagrees with, CONTRACTOR may submit a Waiver Request. AGENCY will evaluate the Waiver Request and either approve it, whereupon CONTRACTOR shall not be obligated to comply change, or reject the Waiver Request, wherepon CONTRACTOR shall comply with such change.

Compliance with Security Policies and Procedures. CONTRACTOR VENDOR shall comply with: (i) security requirements and obligations required by applicable lawLaw; (ii) AGENCY Security Policies and Procedures; (iii) the then-current ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission) ISO/IEC 27000 series of Information Security Management Systems standards; and (iv) then-current Statement on Standards for Attestation Engagements (SSAE) No. 16, (v) then-current Payment Card Industry Data Security Standard (PCI DSS), and (vi) CONTRACTORVENDOR's security standards, policies, guidelines and procedures, provided that, at AGENCY’s discretion, that AGENCY Security Policies and Procedures shall take precedence over any inconsistencies or conflicts with CONTRACTORVENDOR's security standards, polices, guidelines and procedures (subsections subsections (i) through (iv) are collectively referred to as the "Security Policies and Procedures"). If there is a change in the Security Policies and Procedures from and after the Effective Date that CONTRACTOR disagrees withVENDOR determines increases its costs to provide Services, CONTRACTOR or Support and Maintenance Services, VENDOR may submit a Waiver RequestChange Request detailing VENDOR's reasonable increased costs to comply with such change. AGENCY will evaluate the Waiver Change Request and either approve itsign a Change Order paying the amounts set forth therein, whereupon CONTRACTOR VENDOR shall not be obligated to comply changewith the change in the Security Policies and Procedures, or reject the Waiver Request, wherepon CONTRACTOR shall waive VENDOR's obligation to comply with such change. The VENDOR Information Security Officer's participation shall not be chargeable to AGENCY.