{"component": "clause", "props": {"groups": [{"samples": [{"hash": "aYPhBJbMlcY", "uri": "/contracts/aYPhBJbMlcY#patching", "label": "Corporate Supply Arrangement", "score": 35.1210403442, "published": true}, {"hash": "17sjxp1LN7J", "uri": "/contracts/17sjxp1LN7J#patching", "label": "General Service Agreement", "score": 33.7314949036, "published": true}, {"hash": "b53FWEqi6bh", "uri": "/contracts/b53FWEqi6bh#patching", "label": "Corporate Supply Arrangement", "score": 33.2543983459, "published": true}], "snippet_links": [{"key": "the-contractor-must", "type": "clause", "offset": [0, 19]}, {"key": "security-best-practices", "type": "definition", "offset": [61, 84]}, {"key": "current-software", "type": "definition", "offset": [101, 117]}, {"key": "operating-systems", "type": "clause", "offset": [119, 136]}, {"key": "and-application", "type": "clause", "offset": [137, 152]}, {"key": "regular-schedule", "type": "definition", "offset": [261, 277]}, {"key": "time-frame", "type": "definition", "offset": [290, 300]}, {"key": "the-manufacturer", "type": "definition", "offset": [316, 332]}, {"key": "the-province", "type": "clause", "offset": [340, 352]}, {"key": "mitigation-measures", "type": "clause", "offset": [612, 631]}, {"key": "notification-of", "type": "definition", "offset": [644, 659]}, {"key": "compensating-controls", "type": "definition", "offset": [797, 818]}, {"key": "days-or-less", "type": "clause", "offset": [877, 889]}, {"key": "vulnerability-scan", "type": "definition", "offset": [1007, 1025]}, {"key": "web-applications", "type": "definition", "offset": [1345, 1361]}, {"key": "other-systems", "type": "definition", "offset": [1389, 1402]}, {"key": "changes-to", "type": "clause", "offset": [1421, 1431]}, {"key": "malware-protection", "type": "clause", "offset": [1730, 1748]}, {"key": "at-all-times", "type": "definition", "offset": [1780, 1792]}, {"key": "a-day", "type": "definition", "offset": [1855, 1860]}, {"key": "a-week", "type": "definition", "offset": [2004, 2010]}, {"key": "to-the-services", "type": "clause", "offset": [2098, 2113]}, {"key": "asset-management-and-disposal", "type": "clause", "offset": [2228, 2257]}, {"key": "business-assets", "type": "clause", "offset": [2414, 2429]}, {"key": "the-system", "type": "definition", "offset": [2512, 2522]}, {"key": "unless-this-agreement", "type": "clause", "offset": [2641, 2662]}, {"key": "all-records", "type": "clause", "offset": [2711, 2722]}, {"key": "tenancy-security-event-logs", "type": "definition", "offset": [2956, 2983]}, {"key": "copies-of-records", "type": "clause", "offset": [3065, 3082]}, {"key": "to-this-agreement", "type": "clause", "offset": [3183, 3200]}, {"key": "other-method", "type": "clause", "offset": [3409, 3421]}, {"key": "disposal-of", "type": "clause", "offset": [3463, 3474]}, {"key": "in-addition-to", "type": "clause", "offset": [3482, 3496]}, {"key": "the-contractor-may", "type": "clause", "offset": [3512, 3530]}, {"key": "assist-the", "type": "clause", "offset": [3549, 3559]}, {"key": "applicable-law", "type": "clause", "offset": [3575, 3589]}, {"key": "privacy-protection-schedule", "type": "clause", "offset": [3623, 3650]}, {"key": "if-the-contractor", "type": "clause", "offset": [3664, 3681]}, {"key": "government-agency", "type": "clause", "offset": [3793, 3810]}, {"key": "legal-authority", "type": "definition", "offset": [3820, 3835]}, {"key": "access-to", "type": "definition", "offset": [3857, 3866]}, {"key": "assistance-to-the", "type": "clause", "offset": [4016, 4033]}, {"key": "protective-order", "type": "clause", "offset": [4070, 4086]}, {"key": "other-remedy", "type": "clause", "offset": [4090, 4102]}, {"key": "comply-with", "type": "clause", "offset": [4220, 4231]}, {"key": "legal-hold", "type": "clause", "offset": [4248, 4258]}, {"key": "freedom-of-information-and-protection-of-privacy-act", "type": "definition", "offset": [4362, 4414]}, {"key": "after-the-term", "type": "clause", "offset": [4449, 4463]}, {"key": "unexpected-event", "type": "definition", "offset": [4524, 4540]}, {"key": "events-that", "type": "clause", "offset": [4554, 4565]}, {"key": "security-of-protected-information", "type": "clause", "offset": [4590, 4623]}, {"key": "unauthorized-access", "type": "definition", "offset": [4639, 4658]}, {"key": "incident-to", "type": "definition", "offset": [4832, 4843]}, {"key": "oral-report", "type": "clause", "offset": [4906, 4917]}, {"key": "notice-in-writing", "type": "definition", "offset": [4925, 4942]}, {"key": "contract-manager", "type": "clause", "offset": [5030, 5046]}, {"key": "designated-contact", "type": "definition", "offset": [5056, 5074]}, {"key": "contractor-must-follow", "type": "clause", "offset": [5099, 5121]}, {"key": "procedure-for-reporting", "type": "clause", "offset": [5126, 5149]}, {"key": "managing-information", "type": "clause", "offset": [5154, 5174]}, {"key": "every-reasonable-effort", "type": "definition", "offset": [5372, 5395]}, {"key": "the-records", "type": "clause", "offset": [5407, 5418]}, {"key": "in-the-case", "type": "clause", "offset": [5611, 5622]}, {"key": "other-actions", "type": "definition", "offset": [5825, 5838]}, {"key": "as-needed", "type": "definition", "offset": [5839, 5848]}, {"key": "provide-the", "type": "clause", "offset": [5850, 5861]}, {"key": "investigation-reports", "type": "clause", "offset": [5888, 5909]}, {"key": "confirmation-of", "type": "clause", "offset": [6069, 6084]}, {"key": "chain-of-custody", "type": "definition", "offset": [6161, 6177]}, {"key": "such-security", "type": "definition", "offset": [6185, 6198]}, {"key": "security-breaches", "type": "clause", "offset": [6417, 6434]}, {"key": "the-tenancy", "type": "clause", "offset": [6461, 6472]}, {"key": "timely-access", "type": "clause", "offset": [6525, 6538]}, {"key": "user-interface", "type": "clause", "offset": [6578, 6592]}, {"key": "other-security", "type": "clause", "offset": [6645, 6659]}, {"key": "for-example", "type": "clause", "offset": [6757, 6768]}, {"key": "to-the-contractor", "type": "clause", "offset": [6786, 6803]}, {"key": "to-assist", "type": "clause", "offset": [6817, 6826]}, {"key": "in-case-of", "type": "clause", "offset": [6897, 6907]}, {"key": "technical-limitations", "type": "clause", "offset": [6908, 6929]}, {"key": "site-visits", "type": "clause", "offset": [6988, 6999]}, {"key": "direct-access", "type": "clause", "offset": [7010, 7023]}, {"key": "and-support", "type": "clause", "offset": [7085, 7096]}, {"key": "assistance-in-legal-proceedings", "type": "clause", "offset": [7132, 7163]}, {"key": "related-to", "type": "definition", "offset": [7203, 7213]}], "size": 19, "snippet": "The Contractor must patch all Systems regularly in line with security best practices and ensure that current software, operating systems and application patching levels are maintained. The Contractor must ensure that all Systems have all patches installed on a regular schedule, within the time frame recommended by the manufacturer unless the Province otherwise consents in writing. The Contractor must ensure that vulnerabilities are remedied and patches installed on an accelerated basis for zero-day, critical and high vulnerabilities. For zero-day vulnerabilities, the Contractor must implement appropriate mitigation measures promptly on notification of the zero-day vulnerability. The Contractor must remediate zero-day, high and critical vulnerabilities through patching, decommission, or compensating controls. The Contractor must patch high vulnerabilities within 30 days or less of discovery and patch medium vulnerabilities within 90 days or less of discovery. The Contractor must ensure that a vulnerability scan is completed on components of all Systems: with any identified vulnerabilities remedied, before being placed into production; and on a regular schedule, set at a minimum of one scan per quarter, unless the Province otherwise consents in writing. The Contractor must ensure that a vulnerability scan is completed on any web applications used for Tenancy or in any other Systems: and on any major changes to such web applications, with any identified vulnerabilities remedied, before being placed into production; and on a regular schedule, set at a minimum of one scan per quarter, unless the Province otherwise consents in writing. The Contractor must ensure that all Systems servers: have antivirus and malware protection configured, active and enabled at all times; have antivirus and malware definitions updated at least once a day; and are configured to undergo a full anti-virus scan for latent infections (to detect infections missed by the real-time agent) at least once a week. The Contractor must ensure that all disposals of assets used in providing or relating to the Services are done in a secure manner that ensures that Protected Information cannot be recovered. The Contractor must have asset management and disposal Policies that are followed, and reviewed and updated regularly in line with security best practices, and that address hardware, software and other critical business assets. The Contractor must keep an asset management inventory that includes the name of the System, location, purpose, owner, and criticality, with assets added to inventory on commission and removed on decommission. Unless this Agreement otherwise specifies, the Contractor must retain all records containing Protected Information in the Contractor\u2019s possession until instructed by the Province in writing to dispose or deliver them as instructed. The Contractor must securely erase: records that contain Protected Information and Tenancy Security Event Logs when instructed in writing by the Province; and any backup, transitory and extra copies of records that contain Protected Information or Tenancy Security Event Logs when no longer needed in relation to this Agreement. The Contractor must ensure that Protected Information and Tenancy Security Event Logs on magnetic media are securely wiped by overwriting using procedures and adequate media wiping solutions, degaussing, or other method in line with security best practices for disposal of media. In addition to any obligation the Contractor may have to notify or assist the Province under applicable law or this Agreement, including the Privacy Protection Schedule if attached, if the Contractor is required (including under an enactment or a subpoena, warrant, order, demand or other request from a court, government agency or other legal authority) to produce, provide access to or otherwise disclose any Protected Information, the Contractor must, unless prohibited by applicable law, immediately notify and provide reasonable assistance to the Province so the Province may seek a protective order or other remedy to prevent or limit the disclosure. The Contractor must fully co-operate with the Province to enable the Province to comply with e-discovery and legal hold obligations. In addition to any obligation the Contractor may have under applicable law, including the Freedom of Information and Protection of Privacy Act, or this Agreement, if, during or after the Term, the Contractor discovers a suspected or actual unwanted or unexpected event or series of events that threaten the privacy or security of Protected Information (including its unauthorized access, collection, use, disclosure, alteration, storage or disposal) or Tenancy, whether accidental or deliberate, the Contractor must: immediately report the particulars of such incident to, and follow the instructions of, the Province, confirming any oral report with a notice in writing to the Province as soon as reasonably practicable (if unable to contact the Province\u2019s contract manager or other designated contact for this Agreement, the Contractor must follow the procedure for reporting and managing information incidents on the Province\u2019s website at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587\u2587.\u2587\u2587\u2587.\u2587\u2587.\u2587\u2587/gov/content/governments/services-for-government/information-management-technology/information-security/information-incidents; and make every reasonable effort to recover the records containing Protected Information and contain and remediate such incident, following such reasonable instructions as the Province may give. The Contractor must: conduct security investigations in the case of incidents (including any security breach or compromise) affecting Devices, Facilities, Systems, Tenancy or Protected Information, collecting evidence, undertaking forensic activities and taking such other actions as needed; provide the Province with any related investigation reports, which the Contractor may sanitize first; upon the Province\u2019s request, provide the Province with any logs relating to such investigation reports as validation/confirmation of such investigation, which the Contractor may sanitize first; and maintain a chain of custody in all such security investigations it undertakes. Upon the Province\u2019s request, the Contractor must: provide investigative support to the Province to enable the Province to conduct its own security investigations into incidents (including security breaches or compromises) affecting the Tenancy or Protected Information; provide the Province with timely access via an on-line, real-time GUI (Graphic User Interface) facility to any Tenancy Security Event Logs and to other Security Event Logs for Systems (the latter of which the Contractor may sanitize first to mask or remove, for example, data pertaining to the Contractor\u2019s customers) to assist the Province in conducting the Province\u2019s security investigations, or in case of technical limitations, other method acceptable to the Province (for example, on-site visits to enable direct access to those Security Event Logs). The Contractor must work with and support the Province if the Province needs assistance in legal proceedings in relation to security investigations related to Protected Information or Tenancy.", "hash": "ed3893189080a6507c3feac6c124a18c", "id": 1}, {"samples": [{"hash": "1iNK94girGw", "uri": "/contracts/1iNK94girGw#patching", "label": "Corporate Supply Arrangement", "score": 34.4479179382, "published": true}, {"hash": "hYEzzvHJ3Zl", "uri": "/contracts/hYEzzvHJ3Zl#patching", "label": "Corporate Supply Arrangement", "score": 34.3306617737, "published": true}, {"hash": "dib6kTkcue0", "uri": "/contracts/dib6kTkcue0#patching", "label": "Corporate Supply Arrangement", "score": 33.7588691711, "published": true}], "snippet_links": [{"key": "the-contractor-must", "type": "clause", "offset": [0, 19]}, {"key": "security-best-practices", "type": "definition", "offset": [61, 84]}, {"key": "current-software", "type": "definition", "offset": [101, 117]}, {"key": "operating-systems", "type": "clause", "offset": [119, 136]}, {"key": "and-application", "type": "clause", "offset": [137, 152]}], "size": 5, "snippet": "The Contractor must patch all Systems regularly in line with security best practices and ensure that current software, operating systems and application patching levels are maintained.", "hash": "9e161cc3084c21057b03384331776054", "id": 6}, {"samples": [{"hash": "jfEsmiBddfP", "uri": "/contracts/jfEsmiBddfP#patching", "label": "Genesys Cloud Service Agreement", "score": 31.136472702, "published": true}, {"hash": "bvIHFY1krXQ", "uri": "/contracts/bvIHFY1krXQ#patching", "label": "Purecloud Service Agreement", "score": 30.7231292725, "published": true}, {"hash": "cy29jNBFmi8", "uri": "/contracts/cy29jNBFmi8#patching", "label": "Purecloud Service Agreement", "score": 30.5233020782, "published": true}], "snippet_links": [{"key": "server-instances", "type": "clause", "offset": [69, 85]}, {"key": "every-two-weeks", "type": "clause", "offset": [195, 210]}, {"key": "security-patches", "type": "definition", "offset": [227, 243]}], "size": 10, "snippet": "PureCloud does not patch. The strategy is to destroy and rebuild all server instances at least every 30 days on new \u201cgold images\u201d that have current patch levels. Gold images are updated at least every two weeks with up-to-date security patches.", "hash": "f39e714a549566a4ff814ffe929dadfd", "id": 2}, {"samples": [{"hash": "1ZdPskQyvxc", "uri": "/contracts/1ZdPskQyvxc#patching", "label": "External Painting Specification", "score": 29.9411945343, "published": true}, {"hash": "hXFqSamNtQO", "uri": "/contracts/hXFqSamNtQO#patching", "label": "External Painting Specification", "score": 29.3865890503, "published": true}, {"hash": "dbg1yhsCaZY", "uri": "/contracts/dbg1yhsCaZY#patching", "label": "External Painting Specification", "score": 24.2512874603, "published": true}], "snippet_links": [{"key": "an-appropriate", "type": "clause", "offset": [99, 113]}, {"key": "multiple-applications", "type": "clause", "offset": [132, 153]}, {"key": "weather-conditions", "type": "clause", "offset": [244, 262]}], "size": 9, "snippet": "Repair surface defects such as spalls, bugholes, pitting or other voids in the surface by applying an appropriate leveler in one or multiple applications to fill the void until it is flush with the surface. Moist cure the patch when hot or dry weather conditions exist.", "hash": "f4778e7ae0a7ac10d9fdf2c2d2c22890", "id": 3}, {"samples": [{"hash": "lSIjCZv8fUX", "uri": "/contracts/lSIjCZv8fUX#patching", "label": "G Cloud 13 Call Off Contract", "score": 36.527721405, "published": true}, {"hash": "fgJdtcyM2gG", "uri": "/contracts/fgJdtcyM2gG#patching", "label": "G Cloud 13 Call Off Contract", "score": 36.5044517517, "published": true}], "snippet_links": [{"key": "the-supplier-must", "type": "clause", "offset": [5, 22]}, {"key": "public-releases", "type": "clause", "offset": [71, 86]}, {"key": "technically-feasible", "type": "clause", "offset": [217, 237]}, {"key": "working-days", "type": "clause", "offset": [257, 269]}, {"key": "the-public", "type": "clause", "offset": [273, 283]}, {"key": "as-required-by", "type": "clause", "offset": [394, 408]}, {"key": "to-mitigate", "type": "definition", "offset": [1384, 1395]}, {"key": "the-risk", "type": "definition", "offset": [1396, 1404]}], "size": 4, "snippet": "14.1 The Supplier must, and must ensure that Subcontractors, treat any public releases of patches for vulnerabilities as follows:\n(a) the Supplier must patch any vulnerabilities classified as \u201ccritical\u201d:\n(i) if it is technically feasible to do so, within 5 Working Days of the public release; or\n(ii) if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(a)(i), then as soon as reasonably practicable after the public release;\n(b) the Supplier must patch any vulnerabilities classified as \u201cimportant\u201d:\n(i) if it is technically feasible to do so, within 1 month of the public release; or\n(ii) if it is technical feasible to patch the vulnerability but not technically feasible to do so as required by Paragraph 14.1(b)(i), then as soon as reasonably practicable after the public release;\n(c) the Supplier must remedy any vulnerabilities classified as \u201cother\u201d in the public release:\n(i) if it is technically feasible to do so, within 2 months of the public release; or\n(ii) if it is technical feasible to remedy the vulnerability but not technically feasible to do so as required by Paragraph 14.1(c)(i), then as soon as reasonably practicable after the public release;\n(d) where it is not technically feasible to patch the vulnerability, the Supplier must implement appropriate technical and organisational measures to mitigate the risk posed by the vulnerability.", "hash": "c2887838cac0bff2e19ff3538d0bbf25", "id": 7}, {"samples": [{"hash": "gN0MMlUx4Lj", "uri": "/contracts/gN0MMlUx4Lj#patching", "label": "Agreement for Construction Management Services", "score": 36.2684326172, "published": true}, {"hash": "iM2fTaGiliN", "uri": "/contracts/iM2fTaGiliN#patching", "label": "Construction Management Services Agreement", "score": 34.5560112, "published": true}, {"hash": "eCm0cwrUOyB", "uri": "/contracts/eCm0cwrUOyB#patching", "label": "Construction Management Services Agreement", "score": 33.449546814, "published": true}], "snippet_links": [{"key": "of-work", "type": "clause", "offset": [20, 27]}, {"key": "complete-the-project", "type": "definition", "offset": [52, 72]}, {"key": "in-accordance-with", "type": "clause", "offset": [73, 91]}, {"key": "the-contract-documents", "type": "definition", "offset": [92, 114]}, {"key": "responsibility-of", "type": "clause", "offset": [127, 144]}, {"key": "construction-manager", "type": "clause", "offset": [145, 165]}], "size": 8, "snippet": "Cutting or patching of work that may be required to complete the Project in accordance with the Contract Documents will be the responsibility of Construction Manager.", "hash": "4bbad49d5f249ff2a828af5291a977b3", "id": 4}, {"samples": [{"hash": "hrIMHvPZLhW", "uri": "/contracts/hrIMHvPZLhW#patching", "label": "Standard Terms and Conditions for Business Technology Services", "score": 25.5448322296, "published": true}, {"hash": "2BKIe1i39o7", "uri": "/contracts/2BKIe1i39o7#patching", "label": "Standard Terms and Conditions for Business Technology Services", "score": 25.1218338013, "published": true}, {"hash": "l9gtntOncVY", "uri": "/contracts/l9gtntOncVY#patching", "label": "Maintenance Service Agreement", "score": 24.6427097321, "published": true}], "snippet_links": [{"key": "application-updates", "type": "clause", "offset": [19, 38]}, {"key": "complete-list", "type": "clause", "offset": [40, 53]}, {"key": "upon-request", "type": "clause", "offset": [64, 76]}, {"key": "firmware-updates", "type": "clause", "offset": [116, 132]}, {"key": "unless-otherwise-indicated", "type": "clause", "offset": [133, 159]}, {"key": "sales-order", "type": "definition", "offset": [167, 178]}], "size": 6, "snippet": "Automatic software application updates (complete list available upon request). Patching does not include version or firmware updates unless otherwise indicated on the Sales Order.", "hash": "e8a83391662863215785ec2a6f15ed9a", "id": 5}, {"samples": [{"hash": "hpn7yFveBRA", "uri": "/contracts/hpn7yFveBRA#patching", "label": "Data Security Exhibit", "score": 33.8496780396, "published": true}, {"hash": "8MMjePOK6aP", "uri": "/contracts/8MMjePOK6aP#patching", "label": "Data Security Exhibit", "score": 24.8665294647, "published": true}, {"hash": "4eNGMsStLLy", "uri": "/contracts/4eNGMsStLLy#patching", "label": "Data Security Exhibit", "score": 24.661190033, "published": true}], "snippet_links": [{"key": "software-patching", "type": "clause", "offset": [2, 19]}, {"key": "in-place", "type": "clause", "offset": [31, 39]}, {"key": "in-a-timely-manner", "type": "definition", "offset": [66, 84]}, {"key": "based-on", "type": "definition", "offset": [85, 93]}, {"key": "scans-and-assessments", "type": "clause", "offset": [94, 115]}], "size": 3, "snippet": "A software patching process is in place to remedy vulnerabilities in a timely manner based on scans and assessments.", "hash": "91250007d3cddb586adb025314b84316", "id": 9}, {"samples": [{"hash": "6PMRijZSRzX", "uri": "/contracts/6PMRijZSRzX#patching", "label": "Design Bid Build Construction Contract", "score": 20.1279945374, "published": true}, {"hash": "63mqSImCfma", "uri": "/contracts/63mqSImCfma#patching", "label": "Design Bid Build Construction Contract", "score": 20.1279945374, "published": true}, {"hash": "31FJEv2qhi9", "uri": "/contracts/31FJEv2qhi9#patching", "label": "Design Bid Build Construction Contract", "score": 20.1279945374, "published": true}], "snippet_links": [{"key": "finished-work", "type": "clause", "offset": [63, 76]}, {"key": "new-work", "type": "clause", "offset": [171, 179]}], "size": 3, "snippet": "Where removals leave holes and damaged surfaces exposed in the finished work, patch and repair these holes and damaged surfaces to match adjacent finished surfaces. Where new work is to be applied to existing surfaces, perform removals and patching in a manner to produce surfaces suitable for receiving new work. Finished surfaces of patched area shall be flush with the adjacent existing surface and shall match the existing adjacent surface as closely as possible as to texture and finish.", "hash": "7259201c7c6d8299ff990e8d96033008", "id": 8}, {"samples": [{"hash": "gdru1hvZ96m", "uri": "/contracts/gdru1hvZ96m#patching", "label": "Data Processing Agreement", "score": 35.4034957886, "published": true}, {"hash": "dc4SzNAaAJh", "uri": "/contracts/dc4SzNAaAJh#patching", "label": "Data Processing Agreement", "score": 35.2360343933, "published": true}, {"hash": "dn8lUgGivOF", "uri": "/contracts/dn8lUgGivOF#patching", "label": "Data Processing Agreement", "score": 35.1549263, "published": true}], "snippet_links": [{"key": "management-process", "type": "clause", "offset": [39, 57]}, {"key": "corrective-actions", "type": "definition", "offset": [171, 189]}, {"key": "all-components", "type": "clause", "offset": [242, 256]}, {"key": "the-application", "type": "clause", "offset": [260, 275]}, {"key": "reasonable-risk", "type": "definition", "offset": [300, 315]}], "size": 3, "snippet": "\u2587\u2587\u2587\u2587\u2587\u2587 maintains a vulnerability patch management process designed to identify and remediate vulnerabilities. \u2587\u2587\u2587\u2587\u2587\u2587 regularly and periodically patches and/or takes other corrective actions to remediate known or discovered vulnerabilities to all components of the application stack in a commercially reasonable risk-based timeframe, giving greater priority to vulnerabilities with a higher severity rating.", "hash": "dffac0cab7537d8507fa287b6e2ff43e", "id": 10}], "next_curs": "ClESS2oVc35sYXdpbnNpZGVyY29udHJhY3Rzci0LEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhFwYXRjaGluZyMwMDAwMDAwYQyiAQJlbhgAIAA=", "clause": {"parents": [["entire-agreement-conflict", "Entire Agreement; Conflict"], ["security-program", "Security Program"], ["your-users", "Your users"], ["scope-and-purpose-of-data-processing", "Scope and Purpose of Data Processing"], ["masonry", "MASONRY"]], "title": "Patching", "children": [["control-plane", "Control Plane"], ["data-plane", "Data Plane"]], "size": 130, "id": "patching", "related": [["cutting-and-patching", "CUTTING AND PATCHING", "CUTTING AND <strong>PATCHING</strong>"], ["landscaping", "Landscaping", "Landscaping"], ["walls", "Walls", "Walls"], ["grading", "Grading", "Grading"], ["fencing", "Fencing", "Fencing"]], "related_snippets": [], "updated": "2025-07-24T04:27:57+00:00", "also_ask": ["What minimum patching timelines should be mandated to balance security and operational feasibility?", "How can liability for delayed or failed patching be clearly allocated between parties?", "What are the most effective mechanisms to verify and enforce patching compliance?", "How does this patching clause compare to industry standards and regulatory requirements?", "What are the main risks if patching obligations are vaguely defined or lack specific remedies?"], "drafting_tip": "Specify patching responsibilities, set clear timelines, and require notification of updates to ensure accountability, timely security, and effective communication.", "explanation": "The Patching clause outlines the responsibilities and procedures for applying software updates, fixes, or patches to a system or application. Typically, it specifies which party is responsible for providing and installing patches, the timeframe for implementing critical updates, and any requirements for testing or notification before deployment. This clause ensures that vulnerabilities are addressed promptly, reducing security risks and maintaining the stability and reliability of the software."}, "json": true, "cursor": ""}}