JOINT AMENDMENT
to
AMENDED AND RESTATED SOFTWARE LICENSE AGREEMENT
and to
CONSULTING AGREEMENT
THIS JOINT AMENDMENT (the “ Amendment ”) to the
Amended and Restated Software License Agreement (the “
License Agreement ”), and to the Consulting Agreement
(the “ Consulting Agreement ” and together with
the License Agreement, the “ Agreements ”),
dated as of May 31, 2000, by and between Infonox on the Web, a
California corporation (“ Infonox ”), and Global
Cash Access, LLC, a Delaware limited liability company, is made by
and between Infonox and Global Cash Access, Inc., a Delaware
corporation as successor-in-interest to Global Cash Access, L.L.C.
(“ GCA ”) as of October 9, 2006.
IN CONSIDERATION of the representations and warranties of the
parties contained herein, and other good and valuable
consideration, the receipt and sufficiency of which are hereby
acknowledged, the parties agree as follows:
1. Amendment to Agreements . In
accordance with the provisions of Section 21 of the License
Agreement, the License Agreement shall be and hereby is amended by
the inclusion of the following as Section 24 of the License
Agreement, and in accordance with the provisions of Section 13 of
the Consulting Agreement, the Consulting Agreement shall be and
hereby is amended by the inclusion of the following as
Section 19 of the Consulting Agreement:
PCI DSS
Compliance . Each party
acknowledges and agrees that, in connection with the performance of
its covenants and obligations under this agreement, such party (the
“ Recipient ”) has access to, or possession of,
certain cardholder information, including, without limitation, the
ability to transmit, store or process cardholder account and/or
transaction information (collectively, “ Cardholder
Data ”). At all times that Recipient has access to, or
possession of, Cardholder Data, Recipient covenants, agrees,
represents and warrants as set forth in this Section, all of which
shall be undertaken at Recipient’s sole cost and expense, and
all of which shall survive the expiration or earlier termination of
this agreement:
(a) Compliance and Cooperation .
Recipient will comply with and adhere to the payment card industry
(“ PCI ”) data security standard (“
DSS ”) in effect from time to time and shall implement
and maintain appropriate measures designed to meet the objectives
of PCI DSS. In the event a PCI representative or PCI authorized
third-party seeks to conduct a security audit or review of
Recipient at any time, including, without limitation, after an
alleged or actual security intrusion, for the purpose of validating
Recipient’s status, effectiveness or compliance with the PCI
DSS, Recipient will fully cooperate with such audit or
review.
(b) Cardholder Data . Recipient
(i) is solely responsible for, and will ensure, the integrity,
security and confidentiality of Cardholder Data, (ii) will
protect against any anticipated unauthorized access, threats or
hazards to the integrity, security or confidentiality of Cardholder
Date; and (i
|
