Security Issue Procedures Sample Clauses

Security Issue Procedures. In the event Vendor becomes aware of a Security Issue with respect to a given Listed Product of Vendor (or TPS or Component incorporated into such Listed Product), Vendor shall comply with its Vulnerability Handling Policies and, promptly (but in any event within 90 days of so becoming aware) provide written notice of such Security Issue to PCI SSC (each a “Security Issue Notice”), including in such notice: (1) the names, PCI SSC approval numbers and any other relevant identifiers of each Listed Product of Vendor that Vendor reasonably believes may be impacted by such Security Issue; (2) a description of the general nature of the Security Issue; (3) Vendor’s good faith assessment, to Vendor’s knowledge at the time, as to the severity of the vulnerability or vulnerabilities associated with the Security Issue (using CVSS scoring or an alternative industry accepted standard that is reasonably acceptable to PCI SSC) (a “Severity Assessment”); and (4) Vendor’s good faith determination, based on Vendor’s knowledge at the time, as to whether the Security Issue is a Unique Security Issue (a “Uniqueness Determination”). Upon receipt of any Security Issue Notice, PCI SSC may, in its sole discretion and without any further action: (1) Revoke the Listed Product(s) identified therein and (2) take any or all other action(s) permitted under this Agreement or the Program Documents in connection with a Security Issue. A Listed Product delisted (and/or with respect to which Acceptance has been Revoked) in connection with a Security Issue will not be reinstated or re-listed until all of the following conditions have been satisfied to PCI SSC’s satisfaction: (1) Vendor has released and made available to all users of such Product an appropriate Fix resolving such Security Issue; (2) Vendor has fully executed all of its responsibilities to communicate regarding such Security Issue with all applicable Vendor Customers in accordance with Vendor's Vulnerability Handling Policies; (3) Vendor has engaged an Assessor to perform a Contracted Assessment of such Product as corrected by the Fix (or, if approved by PCI SSC, a Contracted Assessment of the Fix in conjunction with such Product) in accordance with the applicable Program Requirements; (4) Vendor has fully apprised such Assessor of such Security Issue prior to such Assessor commencing such Contracted Assessment; (5) as a result of such Contracted Assessment, such Assessor has delivered to PCI SSC, and PCI SSC has Accepted, a co...
Sample 1Sample 2Sample 3See All (5)
AutoNDA by SimpleDocs
Security Issue Procedures. (A) In the event Vendor becomes aware of a Security Issue with respect to a given Listed Product of Vendor (or TPP incorporated into or referenced by any such Listed Product), Vendor shall comply with its Vulnerability Handling Policies and, promptly (but in any event within 90 days of so becoming aware) provide written notice of such Security Issue to PCI SSC (each a “Security Issue Notice”), including in such notice: (1) the names, PCI SSC approval numbers and any other relevant identifiers of each Listed Product of Vendor (and any TPPs incorporated therein or referenced thereby) that Vendor reasonably believes may be impacted by such Security Issue; (2) a description of the general nature of the Security Issue; (3) Vendor’s good faith assessment, to Vendor’s knowledge at the time, as to the severity of the vulnerability or vulnerabilities associated with the Security Issue (using CVSS scoring or an alternative industry accepted standard that is reasonably acceptable to PCI SSC) (a “Severity Assessment”); and (4) Vendor’s good faith determination, based on Vendor’s knowledge at the time, as to whether the Security Issue is a Unique Security Issue (a “Uniqueness Determination”).
Sample 1
Security Issue Procedures. (A) In the event Vendor becomes aware of a Security Issue with respect to a given Product of Vendor, Vendor shall promptly (but in any event within 24 hours) provide written notice of such Security Issue to PCI SSC (each a “Security Issue Notice”), including in such notice: (1) the name, PCI SSC approval number and any other relevant identifiers of the Product; (2) a description of the general nature of the Security Issue; (3) Vendor’s good faith assessment, to Vendor’s knowledge at the time, as to the severity of the vulnerability or vulnerabilities associated with the Security Issue (using CVSS scoring or an alternative industry accepted standard that is reasonably acceptable to PCI SSC) (a “Severity Assessment”); and (4) Vendor’s good faith determination, based on Vendor’s knowledge at the time, as to whether the Security Issue is a Unique Security Issue (a “Uniqueness Determination”).
Sample 1

Related to Security Issue Procedures

  • Administrative Procedures Administrative procedures with respect to the sale of Notes shall be agreed upon from time to time by the Agents and the Company (the "Procedures"). The Agents and the Company agree to perform the respective duties and obligations specifically provided to be performed by them in the Procedures.

  • Application Procedures a) An employee applies for a listing on the system-wide registry through the employee’s Human Resources Department by completing the form in Appendix B.

  • Disbursement Procedures The Issuing Bank shall, promptly following its receipt thereof, examine all documents purporting to represent a demand for payment under a Letter of Credit. The Issuing Bank shall promptly notify the Administrative Agent and the Borrower by telephone (confirmed by telecopy) of such demand for payment and whether the Issuing Bank has made or will make an LC Disbursement thereunder; provided that any failure to give or delay in giving such notice shall not relieve the Borrower of its obligation to reimburse the Issuing Bank and the Lenders with respect to any such LC Disbursement.

  • Notification Procedures To address non-compliance, the receiving Competent Authority would notify the providing Competent Authority pursuant to Article 5 of the IGA. The notification procedures would differ depending upon whether the receiving Competent Authority seeks to address administrative or other minor errors or significant non-compliance.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!