
[Corporate Insurance] A Guide to the Payment Card Industry (PCI) Data Security Standard Insurance Requirements

Inquiries: 02 704 6398

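Recently, more companies have been taking an interest in the PCI DSS (Payment Card Industry (PCI) Data Security Standard) business.
To operate as a QSA (Qualified Security Assessor), a company must meet qualification requirements and submit certain documents,
and these include the submission of insurance policies.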

To help with understanding the original text, explanatory notes are added below.
I hope this material is of some help to those responsible for this work.

<Insurance Requirements: original text>

Appendix E. Insurance Coverage
This is the expected insurance clause and coverage for all QSA companies, except for in those locations where such insurance coverage is not available or provided. The limits shown in this appendix may be written in other currencies, but should be the equivalent of the limits in US dollars shown here.

For QSAs to conduct work outside their home countries, the following is an additional insurance coverage requirement: The insurance provider must respond to claims on a global basis (and particularly respond to claims brought in the U.S. if applicable).

Most insurance is not automatically written to respond to claims outside of the country and many specifically exclude claims from the U.S.

The following is a typical insurance clause and includes expected coverage:

Prior to the commencement of the Services under this agreement, the Security Assessor shall procure the following insurance coverage, at its own expense, with respect to the performance of such Services.
Such insurance shall be issued by financially responsible and properly licensed insurance carriers in the jurisdictions where the Services are performed and rated at least A VIII by Best’s Rating Guide (or otherwise acceptable to PCI SSC) and with minimum limits as set forth below.

*Criteria for the insurer
- AM Best
- Rating: A or higher
- Financial Size Category: VIII or higher

Such insurance shall be maintained in full force and effect for the duration of this agreement and any renewals thereof:
§   WORKERS’ COMPENSATION: Statutory Workers Compensation as required by applicable law and
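This corresponds to industrial accident compensation insurance; have an English Certificate issued by the Korea Workers' Compensation and Welfare Service and submit it.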

§   EMPLOYER’S LIABILITY with a limit of $1,000,000
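This insurance covers compensation in excess of the industrial accident compensation insurance.
Simple example) An office worker (30) dies while on duty.
If the industrial accident insurance benefit comes to 200 million won, the bereaved family may bring a civil suit and obtain a judgment of about 300 million won.
In that case, the insurance that covers "civil judgment amount - industrial accident insurance benefit = 100 million won" is employer's liability insurance.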

§   COMMERCIAL GENERAL LIABILITY INSURANCE including PRODUCTS, COMPLETED OPERATIONS, ADVERTISING INJURY, PERSONAL INJURY and CONTRACTUAL LIABILITY INSURANCE with the following minimum limits for Bodily Injury and Property Damage on an Occurrence basis: $1,000,000 per occurrence and
$2,000,000 annual aggregate. PCI SSC to be added as “Additional Insured.”

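*CGL insurance
- Product Liability: product liability insurance (only if the company manufactures products)
- Completed Operation: completed operations hazard (only if the company performs some kind of work)
- Advertising Injury: advertising injury
- Personal Injury: personal injury
- Contractual Liability: contractual liability
- Limit for bodily injury and property damage: USD 1 million
- Aggregate limit: USD 2 million
- Additional Insured: PCI SSC
- Occurrence basis (the opposite concept is the claims-made basis)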

(Updated in Version 2.1, February 2016)
The policy Coverage Territory must include the entire Region(s) in which the QSA Company has qualified to operate.

The coverage territory must include every region in which the QSAC operates.

§   COMMERCIAL AUTOMOBILE INSURANCE including owned, leased, hired, or non-owned autos subject to minimum limits of $1,000,000 per accident

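This refers to automobile liability insurance for the vehicles to be used in the new business.
It is sufficient to obtain, from the automobile insurer the company already uses,
an English Certificate that satisfies the above condition (USD 1 million or more).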

§   CRIME/FIDELITY BOND including employee dishonesty, robbery, fraud, theft, forgery, alteration, mysterious disappearance and destruction. The minimum limit shall be
$1,000,000 each loss and annual aggregate.

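*Crime / Fidelity Bond (comprehensive company insurance (company crime insurance, company financial insurance), fidelity guarantee)
- Crime (also called DDD)
This is insurance that the company itself takes out. For the above condition, DDD appears to be more suitable than fidelity guarantee insurance (Seoul Guarantee Insurance), which is taken out "individually" on a "named" basis.
It covers Financial Loss arising from Dishonesty, Disappearance, Destruction and the like on the part of an employee.

- Fidelity Bond
This means fidelity guarantee insurance.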

(Updated in Version 2.1, February 2016)
Coverage must also include third-party employee dishonesty, i.e., coverage for claims made by the QSA Company’s client against the QSA Company for theft committed by the QSA Company’s Employees.

Crime Insurance (DDD: Dishonesty, Disappearance and Destruction) is generally insurance that covers the Financial Loss suffered by the insured as a result of employee-related dishonesty, robbery, fraud, theft, forgery, alteration, mysterious disappearance and destruction.

Crime Insurance ordinarily covers 1st-party employee dishonesty.
What is requested here is third-party employee dishonesty,
which means
a claim raised by the Client for the financial loss the Client suffers as a result of dishonest acts and the like by employees.

(Updated in Version 2.1, February 2016)
The policy Coverage Territory must include the entire Region(s) in which the QSA Company is qualified to operate.

The coverage territory must include every region in which the QSAC operates.

§   TECHNOLOGY ERRORS & OMISSIONS, CYBER-RISK and PRIVACY LIABILITY INSURANCE covering liabilities for financial loss resulting or arising from acts, errors or omissions in rendering computer or information technology Services, or from data damage/destruction/corruption, including without limitation, failure to protect privacy, unauthorized access, unauthorized use, virus transmission, denial of service and loss of income from network security failures in connection with the Services provided under this agreement with a minimum limit of two million dollars ($2,000,000) each claim and annual aggregate.

*E&O insurance (including Cyber Risk and Privacy Liability)
- Covered losses
. acts, errors or omissions in rendering computer or information technology Services
. data damage/destruction/corruption, including without limitation, failure to protect privacy, unauthorized access, unauthorized use, virus transmission, denial of service and loss of income from network security failures in connection with the Services provided under this agreement
Insurance must be taken out that covers financial loss arising from the above,
with a minimum limit of two million dollars ($2,000,000) each claim and annual aggregate.
Limit per claim / annual aggregate: USD 2 million

(Updated in Version 2.1, February 2016)
The policy Coverage Territory must include the entire Region(s) in which the QSA Company is qualified to operate.

The coverage territory must include every region in which the QSAC operates.

If any of the above insurance is written on a claims-made basis, then Security Assessor shall maintain such insurance for five (5) years after the termination of this agreement.

If any of the above insurance is taken out on a claims-made basis,
it must be maintained for an additional 5 years from the termination date of the QSA agreement.

Without limiting Security Assessor’s indemnification duties as outlined in the Indemnification Section herein, PCI SSC shall be named as an additional insured under the Commercial General Liability for any claims and losses arising out of, allegedly arising out of or in any way connected to the Security Assessor’s performance of the Services under this agreement.
PCI SSC must be reflected as an additional insured under the CGL insurance.

The insurers shall agree that the Security Assessor’s insurance is primary and any insurance maintained by CPS SSC shall be excess and non-contributing to the Security Assessor’s insurance.
The Security Assessor's insurance policy is used first (Primary),
and CPS SSC must not be asked to share in the loss (non-contributing).
(CPS SSC will probably have taken out the same kind of insurance.)

Prior to commencing of services under this agreement and annually thereafter, Security Assessor shall furnish a certificate, satisfactory to PCI SSC from each insurance company evidencing that the above insurance is in force in compliance with the terms of this insurance section, stating policy numbers, dates of expiration and limits of liability, and

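A certificate must be submitted before the services commence, and the certificate must state the insurance terms, policy number, expiration date and limits of liability.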

further providing that Security Assessor will endeavor to provide at least thirty (30) days’ prior written notice in the event the insurance is canceled.

If the terms of the insurance are changed, written notice must be given at least 30 days in advance.

In addition to the certificate of insurance,
Security Assessor shall provide copies of the actual insurance policies if requested by PCI SSC at any time.
Security Assessor shall send Certificate(s) of Insurance confirming such coverage according to the directions in Section 2.3 of this document.
Fulfillment of obligations to procure insurance shall not otherwise relieve Security Assessor of any liability hereunder or modify Security Assessor’s obligations to indemnify PCI SSC.

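Taking out insurance does not reduce liability.
Insurance is a minimum safety net; this can be read as meaning that if a loss exceeding the limits stated above occurs, the assessor is also responsible for the amount in excess of the (insurance) payout.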

In the event that Security Assessor subcontracts or assigns any portion of the Services in this agreement, the Security Assessor shall require any such subcontractor to purchase and maintain insurance coverage and waiver of subrogation as required herein.

Subcontractors must also carry the same insurance,
and a waiver of subrogation clause must be reflected as described below.

WAIVER OF SUBROGATION: Security Assessor agrees to waive subrogation against PCI SSC for any injuries to its employees arising out of or in any way related to Security Assessor’s performance of the Service under this agreement.

The Security Assessor agrees to waive subrogation against PCI SSC for employee injury related to its performance of the work.

Further, Security Assessor agrees that it shall ensure that the Workers’ compensation/Employer’s Liability insurers agree to waive subrogation rights, in favor of PCI SSC, for any claims arising out of or in any way connected to Security Assessor’s performance of the Services under this agreement.

The Security Assessor must also confirm that its WC/EL insurers waive their subrogation rights against PCI SSC.