Common use of PCI Compliance Clause in Contracts

PCI Compliance. (Include if applicable) Contractor represents and warrants that for the life of the Contract, the software and services used for processing credit card transactions shall be compliant with standards established by the PCI Security Standards Council (xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/index.shtml). Contractor must clearly define the managed PCI DSS requirements and provide a written agreement that the Contractor is responsible for the security of the cardholder data the Contractor possesses or otherwise stores, processes or transmits on behalf of the University. Contractor agrees to indemnify and hold University, its officers, employees, and agents, harmless for, from and against any and all claims, causes of action, suits, judgments, assessments, costs (including reasonable attorneys’ fees) and expenses arising out of or relating to any loss of University customer credit card or identity information managed, retained or maintained by Contractor, including but not limited to fraudulent or unapproved use of such credit card or identity information. Contractor must annually submit the appropriate “Attestation of Compliance” to the University and clearly identify the services and system components that are included in the scope of their assessment.

PCI Compliance. (Include if applicable) Contractor represents and warrants that for the life of the Contract, the software and services used for processing credit card transactions shall be compliant with standards established by the PCI Security Standards Council (xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/index.shtmlxxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx/xxxxx.xxxxx). Contractor must clearly define the managed PCI DSS requirements and provide a written agreement that the Contractor is responsible for the security of the cardholder data the Contractor possesses or otherwise stores, processes or transmits on behalf of the University. Contractor agrees to indemnify and hold University, its officers, employees, and agents, harmless for, from and against any and all claims, causes of action, suits, judgments, assessments, costs (including reasonable attorneys’ fees) and expenses arising out of or relating to any loss of University customer credit card or identity information managed, retained or maintained by Contractor, including but not limited to fraudulent or unapproved use of such credit card or identity information. Contractor must annually submit the appropriate “Attestation of Compliance” to the University and clearly identify the services and system components that are included in the scope of their assessment.