Required Agreements and Procedures Clause Samples

Required Agreements and Procedures. Vendor shall execute an appropriate written agreement with each entity that it engages as an Assessor, governing the performance of such Assessor's Contracted Assessments of Vendor's Products and, in connection with such Assessments, the delivery of the corresponding Vendor Products and all necessary information to such Assessors for purposes of enabling such Assessors to both review such Products in accordance with the applicable Program Documents and comply with all applicable Program Requirements and legal requirements (including without limitation, obtaining applicable export licenses and permissions and complying with the terms of this Agreement and all applicable Program Requirements generally applicable to Assessors participating in the relevant Program). To the extent any of Vendor's Products (including but not limited to any of Vendor’s Components, but excluding Rebranded Products (defined in Section A.11 of Appendix A hereto)) incorporates and/or references any TPS other than a Component then appearing on the applicable list of validated Components on the Website, Vendor shall ensure through a rider or other written agreement consistent with the form attached as Appendix B hereto or other means acceptable to Vendor that (i) such TPS Provider has adopted and implemented, and maintains and adheres to Vulnerability Handling Policies in a manner consistent with Section 2(a)(i)(C) below, (ii) in the event such TPS Provider becomes aware of any Security Issue (which term, solely for purposes of this Section 2(a)(i)(B), shall have the meaning ascribed to it in Appendix B) associated with such TPS, such TPS Provider complies with such Vulnerability Handling Policies, and (iii) such TPS Provider notifies Vendor of such Security Issue in accordance with Appendix B, has authorized Vendor to notify PCI SSC of each Security Issue, and is otherwise required to comply with the obligations set forth in Appendix B.
Vendor shall: (1) on or before the date of submission to PCI SSC of the first Assessment Report regarding a Vendor Product that occurs on or after the Effective Date, adopt and implement documented security vulnerability handling programs and processes consistent with industry best practices (“Vulnerability Handling Policies”), including without limitation, programs and detailed processes regarding detection, receipt, triage, prioritization and repair of (and creation of a corresponding Fix (defined below) or Fixes for) Security Issues, provisions req...