Required Agreements and Procedures. Vendor shall execute an appropriate written agreement with each entity that it engages as an Assessor, governing the performance of such Assessor's Contracted Assessments of Vendor or Vendor's Products (as applicable) and, in connection with such Assessments, the delivery of the corresponding Vendor Products (if any) and all necessary information to such Assessors for purposes of enabling such Assessors to both review Vendor and/or such Products (as applicable) in accordance with the applicable Program Documents and comply with all applicable Program Requirements and legal requirements (including without limitation, obtaining applicable export licenses and permissions and complying with the terms of this Agreement and all applicable Program Requirements generally applicable to Assessors participating in the relevant Program). To the extent any Product of Vendor for which Vendor is seeking validation or Acceptance under any Program incorporates and/or references any TPP, Vendor shall ensure through a rider in the form attached as Appendix B hereto (the “TPP Rider”) or other written agreement consistent with the terms of the TPP Rider that (i) the applicable TPP Provider has adopted and implemented, and maintains and adheres to Vulnerability Handling Policies consistent with the requirements of Section 2(a)(i)(C)) below, (ii) in the event such TPP Provider becomes aware of any TPP Security Issue (as defined in the TPP Rider) associated with such TPP, such TPP Provider complies with such Vulnerability Handling Policies, and (iii) such TPP Provider notifies Vendor of such TPP Security Issue in accordance with the TPP Rider, has authorized Vendor to notify PCI SSC of each Security Issue, and is otherwise required to comply with the obligations set forth in the TPP Rider. Vendor shall: (1) on or before the date of submission to PCI SSC of the first Assessment Report regarding a Vendor Product that occurs on or after the Effective Date, adopt and implement documented security vulnerability handling programs and processes consistent with industry best practices (“Vulnerability Handling Policies”), including without limitation, programs and detailed processes regarding detection, receipt, triage, prioritization and repair of (and creation of a corresponding Fix (defined below) or Fixes for) Security Issues, provisions requiring Vendor to provide its Vendor Customers with prompt notification of all identified Security Issues and permitting disclosure of Security Iss...
Required Agreements and Procedures. (A) Vendor shall execute an appropriate written agreement with each of its Assessors governing the performance of such Assessor's Assessments of Vendor's Products, delivery of Vendor’s Products and all necessary information to such Assessors for purposes of enabling Assessors to both review Products in accordance with the applicable Program Documents and comply with all applicable Program and legal requirements (including without limitation, obtaining applicable export licences and permissions and complying with the terms of this Agreement and all Assessor Requirements).
Required Agreements and Procedures. (A) Vendor shall execute an appropriate written agreement with each entity that it engages as an Assessor, governing the performance of such Assessor's Contracted Assessments of Vendor's Products and, in connection with such Assessments, the delivery of the corresponding Vendor Products and all necessary information to such Assessors for purposes of enabling such Assessors to both review such Products in accordance with the applicable Program Documents and comply with all applicable Program Requirements and legal requirements (including without limitation, obtaining applicable export licences and permissions and complying with the terms of this Agreement and all applicable Program Requirements generally applicable to Assessors participating in the relevant Program).
Required Agreements and Procedures. (A) Vendor shall execute an appropriate written agreement with each entity that it engages as an Assessor, governing the performance of such Assessor's Contracted Assessments of Vendor or Vendor's Products (as applicable) and, in connection with such Assessments, the delivery of the corresponding Vendor Products (if any) and all necessary information to such Assessors for purposes of enabling such Assessors to both review Vendor and/or such Products (as applicable) in accordance with the applicable Program Documents and comply with all applicable Program Requirements and legal requirements (including without limitation, obtaining applicable export licenses and permissions and complying with the terms of this Agreement and all applicable Program Requirements generally applicable to Assessors participating in the relevant Program).
