Cyber Security of Supplier's Products and Services Sample Clauses
Cyber Security of Supplier's Products and Services.
4.1. Supplier is obliged to comply with the state of the art, norms, standards, processes and methods applicable in the industry in order to prevent, identify, assess and remediate Cyber Security risks that may arise from, including but not limited to, vulnerabilities or Malware in Products and Services.
4.2. For certain products and services, Specific Cyber Security Related Requirements will be agreed with Appendix A.
4.3. Bosch is entitled, even during an ongoing supply relationship, to make acceptance of products and services dependent on proof of current certification of agreed Specific Cyber Security Related Requirements in Appendix A.
4.4. Unless otherwise agreed, software included in products and services (including third-party software and software components) shall be up to date, including all the available security updates, at the time of delivery or commencement of the service. Additionally, instructions on how to install security updates shall be included.
4.5. Any interfaces of the products and services accessible from outside Bosch systems or the environment these systems are meant to operate in shall be specified and clearly documented in agreement with Bosch. This also applies to automatic data connections, e.g. via maintenance interfaces, software update mechanisms or control channels, to enable an exchange of information with Supplier or third parties’ systems.
4.6. For cryptographic systems included in products or services, Supplier shall take into account the state of the art, intended context of use, and expected lifetime of products or life of services and select suitable cryptographic mechanisms, their configurations, key lengths and update/upgrade capabilities accordingly.
4.7. Supplier shall be responsible for complying with any cryptographic laws and/or regulatory requirements applicable to the delivery of products or services to Bosch.
4.8. Supplier warrants and provides assurance that products and services do not contain any Malware or manipulated or counterfeit components of third parties. Supplier shall verify absence according to the state of the art and upon request confirm in writing that no indication of nonconformity with the above has been detected.
4.9. Supplier shall provide a complete inventory in a common file format showing in a clear structure all hardware and software components (including open source components) included in delivered products and services. This inventory will also be referred to as “Bill of Materi...
