Application and System Security Sample Clauses
The Application and System Security clause establishes requirements and standards to protect software applications and IT systems from unauthorized access, data breaches, and other security threats. Typically, it mandates the implementation of security controls such as encryption, access restrictions, regular vulnerability assessments, and incident response procedures. By setting these expectations, the clause helps ensure that sensitive data and critical systems remain secure, thereby reducing the risk of cyberattacks and safeguarding both parties' interests.
Application and System Security. Supplier agrees at all times to provide, maintain and support its software release and subsequent updates, upgrades, and bug fixes such that the software is, and remains, secure from those vulnerabilities using applicable and recognized industry practices or standards including:
i. The Open Web Application Security Project’s (OWASP) “Top Ten Project” - see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇;
ii. The CWE/SANS Top 25 Programming Errors – see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/top25/ or ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇/top25-programming-errors/; or
iii. Other generally recognized and comparable industry practices or standards.
Additionally, Supplier agrees to maintain a secure processing environment, including but not limited to the timely application of patches, fixes and updates to operating systems and applications as provided by Supplier or open source support.
Application and System Security. Supplier agrees to engage in, at a minimum annually, external application penetration testing and/or Service Organization Control audits. Supplier agrees to provide, maintain and support software releases and subsequent updates, upgrades, and bug fixes free from known vulnerabilities applicable to the products utilized by the Supplier by adhering to generally recognized industry best practices and standards in Section C.16.a. of this Addendum.
Application and System Security. Service Provider agrees at all times to provide, maintain and support its software release and subsequent updates, upgrades, and bug fixes
a. The Open Web Application Security Project's (OWASP) “Top Ten Project” - see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇;
b. The CWE/SANS Top 25 Programming Errors – see ▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇▇/top25/ or ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇▇/top25-programming-errors/; or
c. Other generally recognized and comparable industry practices or standards.
Additionally, Service Provider agrees to maintain a secure processing environment, including but not limited to the timely application of patches, fixes and updates to operating systems and applications as provided by Service Provider or open source support.
