Payment Card Industry (PCI) Consulting
1. Scope of Work.
1.1. Verizon will provide PCI data security standard (PCI DSS) consulting services to Customer as described herein. Verizon will act in an advisory capacity providing Customer with on-going guidance pertaining to PCI DSS compliance, including maintenance of such compliance. Verizon will make remediation recommendations and draft written Deliverables as specifically requested by Customer. Verizon will provide Customer with consultative support if Customer chooses to implement remediation recommendations. Consultative support will consist of such activities as reviewing Customers remediation plan and writing/updating policies and procedures associated with Customers remediation activities.
1.2. Project Management. Verizon will work with Customer to schedule a kickoff meeting to initiate the Project. Verizon and Customer will collaborate to determine required stakeholders and other attendees, agenda, and meeting location (i.e. on site or remote). At or before the kickoff meeting, Customer shall provide a list of contact personnel with after hours emergency contact numbers and on-site authorization documentation (where applicable).
2. Deliverables and Documentation to be produced by Verizon. Deliverables are intended for Customer and Verizon use only. Customer may disclose a Deliverable to a third party pursuant to the Agreements confidentiality terms. Verizon will provide, as requested by Customer, documentation that describes the Professional Services assistance and/or guidance provided by Verizon for the engagement.
3. Documentation to be produced by Customer and Customer Obligations. Delivery of the Professional Services by Verizon is dependent on Customers appointing a single point of contact for co-ordination of the Project activities for interaction with Verizon and ensuring smooth data flow and exchange of information required for execution of the Project within the agreed time-frame.
4. Assumptions. Delivery of the Professional Services by Verizon is predicated on the following assumptions and conditions:
4.1. If the number of hours required to draft the Deliverables exceeds the hours specified in the Engagement Letter, Customer will execute a mutually agreeable amendment to the Engagement Letter such that Verizon can complete the Deliverables;
4.2. The Professional Services are based on Verizons understanding of Customers requirements as documented in an Engagement Letter. Should the scope of the Project change, Verizon will continue work only after mutual execution of an amended Engagement Letter; and
4.3. Customer is responsible for the implementation of any changes under the Engagement Letter to applications or devices managed by Customer or Customers service providers.