Common use of Information Security Review Clause in Contracts

Information Security Review. Xxxxxx’x reserves the right to perform information security reviews on any systems or applications used by Supplier to provide services to Xxxxxx’x. The security reviews can include physical inspection, external scan, code review, process reviews, and reviews of system configurations(“Security Reviews”). The Security Reviews shall be conducted at Xxxxxx’x discretion, by Xxxxxx’x or its designee (who shall be a reputable security firm), and at Xxxxxx’x expense unless provided otherwise. Supplier shall grant permission to Xxxxxx’x to perform the Security Reviews. Xxxxxx’x actions or results from any Security Reviews shall be the sole property of Xxxxxx’x and may not be utilized or relied on by Supplier in any way, except as set forth by Xxxxxx’x in performance of services hereunder. Should any Security Review result in the discovery of material security risks to the network used by Supplier to perform services for Xxxxxx’x, Supplier shall be solely responsible for the cost of the Security Reviews. Xxxxxx’x shall immediately notify Supplier of such risks and Supplier shall respond to Xxxxxx’x in writing within three days with Supplier’s plan to take reasonable measures to promptly correct, repair, modify the said network or application to effectively eliminate the risk at no cost to Xxxxxx’x.

Information Security Review. Xxxxxx’x reserves the right to perform information security reviews on any systems or applications used by Supplier to provide services to Xxxxxx’x. The security reviews can include physical inspection, external scan, code review, process reviews, and reviews of system configurations(“Security configurations (“Security Reviews”). The Security Reviews shall be conducted at Xxxxxx’x discretion, by Xxxxxx’x or its designee (who shall be a reputable security firm), and at Xxxxxx’x expense unless provided otherwise. Supplier shall grant permission to Xxxxxx’x to perform the Security Reviews. Xxxxxx’x actions or results from any Security Reviews shall be the sole property of Xxxxxx’x and may not be utilized or relied on by Supplier in any way, except as set forth by Xxxxxx’x in performance of services hereunder. Should any Security Review result in the discovery of material security risks to the network used by Supplier to perform services for Xxxxxx’x, Supplier shall be solely responsible for the cost of the Security Reviews. Xxxxxx’x shall immediately notify Supplier of such risks and Supplier shall respond to Xxxxxx’x in writing within three days with Supplier’s plan to take reasonable measures to promptly correct, repair, modify the said network or application to effectively eliminate the risk at no cost to Xxxxxx’x.