Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
Audit and Testing. The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an [annual] basis or as otherwise agreed by the parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority. The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Authority pursuant to this Agreement, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests. Where any Security Test carried out pursuant to paragraphs 14.3 or 14.4 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 13.5.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 14, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements. COMPLIANCE WITH ISO/IEC 27001 [The Contractor shall obtain independent certification of the Security Plan to ISO ...
Audit and Testing. 4.1 The Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with UK SBS.
Audit and Testing. Vendor will complete one of the following audits at least annually and immediately after any actual or reasonably suspected Security Incident: SOC 2 Type II, SOC for Cybersecurity, or an accepted Higher Education Cloud Vendor Assessment Tool (xxxxx://xxxxxxx.xxxxxxxx.xxx/resources/2020/4/higher-education-community-vendor-assessment-toolkit). Evidence must be provided to the University prior to this Agreement and at least annually thereafter. Prior to this Agreement, and at regular intervals of no less than annually and whenever a change is made which may impact the confidentiality, integrity, or availability of University Data, and in accordance with industry standards and best practices, Vendor will, at its expense, perform scans for unauthorized applications, services, code and system vulnerabilities on the networks and systems used to perform services related to this Agreement (“Security Tests”). An initial report must be provided to the University prior to this Agreement. Vendor will provide the University the reports or other documentation resulting from the audits, certifications, scans and tests within five (5) business days of Vendor' generation or receipt of such results. If any critical finding is identified, Vendor agrees to notify the University and remediate the critical finding within thirty (30) days. Any critical finding not remediated within thirty (30) days must be reported to University at xxxxxxxx@xxxxxxx.xxx. All other findings must be remediated within ninety (90) days. At University’s request, Vendor will promptly provide written attestation that required Security Tests, independent audits, and/or a DPIA have been conducted either by a qualified Representative or by a third party in the prior twelve months. The University may require the Vendor to perform additional audits and tests, the results of which will be provided to the University within five (5) business days of the Vendor’s receipt of such results. Vendor agrees to take reasonable steps to assist University in maintaining the accuracy of such University Data under the control of Vendor, including synchronizing relevant Systems, databases, or applications, as deemed necessary by University. The University reserves the right to annual, at a minimum, review of: Vendor’s access reports related to access to University Data; Vendor’s patch management process, schedules, and logs; findings of vulnerability scans and/or penetration tests of Vendor systems; and Vendor development st...
Audit and Testing a. Vendor will complete one of the following audits at least annually and immediately after any actual or reasonably suspected Security Incident: SOC 2 Type II, SOC for Cybersecurity, or an accepted Higher Education Cloud Vendor Assessment Tool (xxxxx://xxxxxxx.xxxxxxxx.xxx/resources/2020/4/higher- education-community-vendor-assessment-toolkit). Evidence must be provided to the University prior to this Agreement and at least annually thereafter.
Audit and Testing. 4.1 The Prime Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the parties. The date, timing, content and conduct of such Security Tests shall be notified in advance to the Authority.
Audit and Testing. 7.1 The Cyber Security Management Plan shall provide for the Supplier to:
Audit and Testing. 4.1 The Authority shall carry out a security review of the Suppliers premises and processes within the first 3 months of commencement date on a date agreed in advance with the Supplier and Authority.
Audit and Testing. The Authority should set out a description of the audit and testing process to be used for the security requirements.
Audit and Testing. 4.1. The SERVICE PROVIDER shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer.
