Recently, more and more companies are showing interest in PCI DSS (Payment Card Industry Data Security Standard) business.
Among the qualification requirements and the documents that must be submitted in order to operate as a QSA (Qualified Security Assessor),
there is a requirement to submit proof of insurance coverage.
To help readers understand the original text, I am leaving the supplementary explanation below.
I hope this material is of some help to those in charge of this work.
<Insurance Requirements: original text>
Appendix E. Insurance Coverage
This is the expected insurance clause and coverage for all QSA companies, except for in those locations where such insurance coverage is not available or provided. The limits shown in this appendix may be written in other currencies, but should be the equivalent of the limits in US dollars shown here.
Note:
For QSAs to conduct work outside their home countries, the following is an additional insurance coverage requirement: The insurance provider must respond to claims on a global basis (and particularly respond to claims brought in the U.S., if applicable).
Note:
Most insurance is not automatically written to respond to claims outside of the country and many specifically exclude claims from the U.S.
The following is a typical insurance clause and includes expected coverage:
Prior to the commencement of the Services under this agreement, the Security Assessor shall procure the following insurance coverage, at its own expense, with respect to the performance of such Services.
Such insurance shall be issued by financially responsible and properly licensed insurance carriers in the jurisdictions where the Services are performed and rated at least A VIII by Best’s Rating Guide (or otherwise acceptable to PCI SSC) and with minimum limits as set forth below.
* Insurer criteria
- AM Best
- Rating: A or higher
- Financial Size Category: VIII or higher
Such insurance shall be maintained in full force and effect for the duration of this agreement and any renewals thereof:
§ WORKERS’ COMPENSATION: Statutory Workers Compensation as required by applicable law and
This corresponds to industrial accident compensation insurance (산재보험); obtain an English-language Certificate from the Korea Workers' Compensation and Welfare Service (근로복지공단) and submit it.
§ EMPLOYER’S LIABILITY with a limit of $1,000,000
* Employer's liability insurance (근재보험)
This insurance covers compensation in excess of what industrial accident insurance pays.
Simple example: a 30-year-old employee dies while at work.
If industrial accident insurance pays KRW 200 million, a civil suit brought by the bereaved family could result in a judgment of around KRW 300 million.
In that case, the insurance that covers 'civil judgment amount minus industrial accident insurance payout = KRW 100 million' is employer's liability insurance.
§ COMMERCIAL GENERAL LIABILITY INSURANCE including PRODUCTS, COMPLETED OPERATIONS, ADVERTISING INJURY, PERSONAL INJURY and CONTRACTUAL LIABILITY INSURANCE with the following minimum limits for Bodily Injury and Property Damage on an Occurrence basis: $1,000,000 per occurrence and $2,000,000 annual aggregate. PCI SSC to be added as “Additional Insured.”
* CGL insurance
- Product Liability: product liability insurance (only if the company manufactures products)
- Completed Operations: completed operations hazard (only if the company performs work)
- Advertising Injury: advertising injury
- Personal Injury: personal injury
- Contractual Liability: contractual liability
- Limits of liability
  Bodily injury and property damage limit: USD 1 million
  Aggregate limit: USD 2 million
- Additional Insured: PCI SSC
- Coverage trigger
  Occurrence basis (the opposite concept is claims-made basis)
(Version 2.1, February 2016 update)
The policy Coverage Territory must include the entire Region(s) in which the QSA Company has qualified to operate.
All regions in which the QSAC operates must be included in the coverage territory.
§ COMMERCIAL AUTOMOBILE INSURANCE including owned, leased, hired, or non-owned autos subject to minimum limits of $1,000,000 per accident
* Commercial automobile liability insurance
This refers to automobile liability insurance for the vehicles used in this new business;
you simply obtain an English-language Certificate meeting the above condition (USD 1 million or more)
from the automobile insurer with which the company already holds its policy.
§ CRIME/FIDELITY BOND including employee dishonesty, robbery, fraud, theft, forgery, alteration, mysterious disappearance and destruction. The minimum limit shall be $1,000,000 each loss and annual aggregate.
* Crime / Fidelity Bond (commercial crime insurance (crime / financial institution coverage), fidelity guarantee)
- Crime (also referred to as DDD)
An insurance the company purchases on an annual basis; for the above requirement, DDD appears more suitable than fidelity guarantee insurance (Seoul Guarantee Insurance), which is purchased 'individually' on a 'named' basis.
It covers Financial Loss caused by employee Dishonesty, Disappearance, Destruction, and the like.
- Fidelity Bond
Refers to fidelity guarantee insurance (신원보증보험).
(Version 2.1, February 2016 update)
Coverage must also include third-party employee dishonesty, i.e., coverage for claims made by the QSA Company’s client against the QSA Company for theft committed by the QSA Company’s Employees.
Typically, Crime Insurance (DDD: Dishonesty, Disappearance and Destruction) covers the Financial Loss suffered by the insured as a result of employee-related dishonesty, robbery, fraud, theft, forgery, alteration, mysterious disappearance and destruction.
That is, Crime Insurance ordinarily covers first-party employee dishonesty.
What is required here is third-party employee dishonesty,
which means 'a claim filed by the Client's staff for the financial loss the Client suffers due to dishonest acts by the QSA Company's employees'.
(Version 2.1, February 2016 update)
The policy Coverage Territory must include the entire Region(s) in which the QSA Company is qualified to operate.
All regions in which the QSAC operates must be included in the coverage territory.
§ TECHNOLOGY ERRORS & OMISSIONS, CYBER-RISK and PRIVACY LIABILITY INSURANCE covering liabilities for financial loss resulting or arising from acts, errors or omissions in rendering computer or information technology Services, or from data damage/destruction/corruption, including without limitation, failure to protect privacy, unauthorized access, unauthorized use, virus transmission, denial of service and loss of income from network security failures in connection with the Services provided under this agreement with a minimum limit of two million dollars ($2,000,000) each claim and annual aggregate.
* E&O insurance (including Cyber Risk and Privacy Liability)
- Covered losses
  Insurance must be purchased that covers financial loss arising from:
  . acts, errors or omissions in rendering computer or information technology Services
  . data damage/destruction/corruption, including without limitation, failure to protect privacy, unauthorized access, unauthorized use, virus transmission, denial of service and loss of income from network security failures in connection with the Services provided under this agreement
- Limit of liability
  "with a minimum limit of two million dollars ($2,000,000) each claim and annual aggregate"
  Per-claim / annual aggregate limit: USD 2 million
(Version 2.1, February 2016 update)
The policy Coverage Territory must include the entire Region(s) in which the QSA Company is qualified to operate.
All regions in which the QSAC operates must be included in the coverage territory.
If any of the above insurance is written on a claims-made basis, then Security Assessor shall maintain such insurance for five (5) years after the termination of this agreement.
If any of the above insurance is purchased on a claims-made basis,
the QSA must maintain it for an additional five years after the end of the agreement.
Without limiting Security Assessor’s indemnification duties as outlined in the Indemnification Section herein, PCI SSC shall be named as an additional insured under the Commercial General Liability for any claims and losses arising out of, allegedly arising out of or in any way connected to the Security Assessor’s performance of the Services under this agreement.
PCI SSC must be named as an additional insured on the CGL policy.
The insurers shall agree that the Security Assessor’s insurance is primary and any insurance maintained by PCI SSC shall be excess and non-contributing to the Security Assessor’s insurance.
The Security Assessor's policy is used first (primary),
and PCI SSC must not be required to share the loss (non-contributing).
(In other words, PCI SSC presumably also carries the same kind of insurance.)
Prior to commencing of services under this agreement and annually thereafter, Security Assessor shall furnish a certificate, satisfactory to PCI SSC from each insurance company evidencing that the above insurance is in force in compliance with the terms of this insurance section, stating policy numbers, dates of expiration and limits of liability, and
A Certificate must be submitted before services begin, and the certificate must state the policy terms, policy numbers, expiration dates, and limits of liability.
further providing that Security Assessor will endeavor to provide at least thirty (30) days’ prior written notice in the event the insurance is canceled.
If the insurance terms are changed, written notice must be given at least 30 days in advance.
In addition to the certificate of insurance, Security Assessor shall provide copies of the actual insurance policies if requested by PCI SSC at any time.
Security Assessor shall send Certificate(s) of Insurance confirming such coverage according to the directions in Section 2.3 of this document.
Fulfillment of obligations to procure insurance shall not otherwise relieve Security Assessor of any liability hereunder or modify Security Assessor’s obligations to indemnify PCI SSC.
Having purchased insurance does not reduce the Security Assessor's liability.
In other words, insurance is a minimum safeguard: if an incident exceeds the limits of liability stated above, the Security Assessor remains liable for the portion that exceeds the insurance payout.
In the event that Security Assessor subcontracts or assigns any portion of the Services in this agreement, the Security Assessor shall require any such subcontractor to purchase and maintain insurance coverage and waiver of subrogation as required herein.
Subcontractors must carry the same insurance,
and a waiver of subrogation, as described below, must be included.
WAIVER OF SUBROGATION: Security Assessor agrees to waive subrogation against PCI SSC for any injuries to its employees arising out of or in any way related to Security Assessor’s performance of the Service under this agreement.
The Security Assessor agrees to waive subrogation against PCI SSC for injuries to its employees related to its performance of the Services.
Further, Security Assessor agrees that it shall ensure that the Workers’ compensation/Employer’s Liability insurers agree to waive subrogation rights, in favor of PCI SSC, for any claims arising out of or in any way connected to Security Assessor’s performance of the Services under this agreement.
The Security Assessor must also obtain confirmation that its WC/EL insurers waive their subrogation rights against PCI SSC.