PCI SSC Clause Samples

PCI SSC. Following Acceptance of a Product by PCI SSC, PCI SSC will communicate such Acceptance to the Assessor in accordance with the Program Documents, and post applicable details regarding the Product and Vendor on the Validated Product List. A Product is deemed to have been “Accepted” (and “Acceptance” is deemed to have occurred) when all of the following conditions have been met: (i) PCI SSC has received the corresponding Assessment Report from the Assessor in which the Assessor determines that the Product satisfies all applicable requirements of the Program Documents; (ii) PCI SSC has confirmed that the Assessment Report is correct as to form, the Assessor adequately reported the compliance of the Product in accordance with Program requirements and the detail provided in the Assessment Report meets Program requirements; (iii) PCI SSC has received all applicable Program Fees and all other documentation required with respect to the Product; and (iv) PCI SSC has listed the Product on the Validated Product List (provided that PCI SSC may suspend, withdraw, revoke, cancel or place conditions upon (including without limitation, complying with remediation requirements) Acceptance any Product in accordance with Program policies and procedures.

PCI SSC a. May amend, remove, add to or suspend any provision of any Program, cease to operate any Program, whether with or without replacing it with any other program, in its sole discretion, and without notice. b. Does not guarantee, warrant or endorse any Product. c. May, at its discretion, with respect to each Program, publish a list or lists of Products Accepted by PCI SSC thereunder, identifying the applicable validating Assessors and related Program participant information, together with corresponding Product status information (including without limitation, Acceptance, approval, suspension, remediation, and/or Revocation status) and other information identifying such Products, including without limitation, Vendor name and contact information, Product descriptions, version numbers, types, TPSs and TPSPs, target markets and reference numbers, information as to whether or not such Products and/or components thereof have satisfied applicable Program requirements, applicable Acceptance, validation, revalidation and expiry dates, reference, approval or acceptance numbers, deployment notes, PCI Standard version numbers, device types, hardware, firmware and application version numbers, and other information as identified or described in the Program Guide (the applicable list(s) for a given Program, the “Validated Product List”). d. May Revoke (i) a given Product in the event Vendor fails to timely pay applicable Program Fees for such Product or PCI SSC reasonably determines that Revocation of such Product is necessary as a result of (A) a Security Issue with respect to, or any defect, flaw, weakness or vulnerability in, such Product that compromises the security of such Product; (B) the failure of such Product to comply with requirements applicable to other Products of the same type; or

PCI SSC a. May amend, remove, add to or suspend any provision of any Program, and/or cease to operate any Program, whether with or without replacing it with any other program, in its sole discretion, and without notice. b. Does not guarantee, warrant or endorse any vendor or Product. c. May, at its discretion, with respect to each Program, publish a list or lists of Products and/or vendors (including Vendor, as applicable) Accepted by PCI SSC thereunder, identifying the applicable validating Assessors, related Program participant information, corresponding Product and/or vendor status information (including without limitation, Acceptance, approval, suspension, remediation, and/or Revocation status) and other information identifying such vendor or Products, including without limitation, vendor name and contact information, Product and/or software (as applicable) descriptions, version numbers, types, categories, and components thereof, TPPs and TPP Providers, target markets, locations, responsible business units, and reference numbers, information as to whether or not such Products, software and/or components thereof have satisfied applicable Program Requirements, applicable Acceptance, validation, revalidation and expiry dates, reference, approval or acceptance numbers, deployment notes, PCI Standard version numbers, device types, hardware, firmware and application version numbers, and other information as identified or described in the applicable Program Guide (the applicable list of Products and vendors Accepted by PCI SSC for a given Program, the “Validated List”; and the information and data provided as part of the Validated List for a given Product or vendor, the “Listing”). d. May Revoke (i) a given Listed Product in the event Vendor fails to timely pay applicable Program Fees for such Product or PCI SSC reasonably determines that Revocation of such Product is necessary as a result of (A) a Security Issue with respect to, or any other defect, flaw, weakness or vulnerability of such Product that compromises the security of such Product; (B) the failure of such Product to comply with requirements applicable to other Products of the same type or applicable Program Requirements; or (C) PCI SSC's determination that such Product is of a type that is not within the scope of the applicable Program or that Vendor’s rights to permit Acceptance of such Product are insufficient or in dispute (each of the circumstances described in preceding clause (i) a “Product Default”...