Security Evaluations. (a) Global shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Mercury Information and Global Processing Resources. Global shall periodically (no less than quarterly) conduct vulnerability assessments and penetration tests of its publicly-accessible Information Processing Resources. Global shall document the results of these evaluations and any remediation activities taken in response to such evaluations. Upon request no more than once per year, Global shall (i) provide a copy of its Attestation of Compliance, resulting from a PCI-DSS audit of the applicable Global Processing Resources; (ii) provide a copy of its SSAE 16 SOC 1 report and any other certifications, attestations or reports required by applicable law, regulations or the Rules for the provision of Services or Additional Services that are requested by Mercury. (b) Mercury shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Mercury Information and Global Processing Resources. Mercury shall periodically (no less than quarterly) conduct vulnerability assessments and penetration tests of its publicly-accessible Information Processing Resources. Mercury shall document the results of these evaluations and any remediation activities taken in response to such evaluations. Upon request, no more than once per year, Mercury shall (i) provide a copy of its Attestation of Compliance, resulting from a PCI-DSS audit; (ii) provide a copy of its SSAE 16 SOC 1 report and any other certifications, attestations or reports required by applicable law, regulations or the Rules for the provision of Services or Additional Services that are requested by Global.
Appears in 2 contracts
Sources: Global Master Service Agreement (Mercury Payment Systems, Inc.), Global Master Service Agreement (Mercury Payment Systems Holdings, Inc.)