{"component": "clause", "props": {"groups": [{"samples": [{"hash": "lIKVElYETr5", "uri": "/contracts/lIKVElYETr5#penetration-testing", "label": "Transfer Agency and Service Agreement (Blackrock Muniassets Fund, Inc.)", "score": 31.4010944366, "published": true}, {"hash": "bgjcMmHFdE9", "uri": "/contracts/bgjcMmHFdE9#penetration-testing", "label": "Transfer Agency and Service Agreement", "score": 31.3408622742, "published": true}, {"hash": "cr2xvTNWBtj", "uri": "/contracts/cr2xvTNWBtj#penetration-testing", "label": "Transfer Agency and Service Agreement (Blackrock Credit Allocation Income Trust)", "score": 31.0013694763, "published": true}], "snippet": "For Computershare systems that host or process Customer Confidential Information, Computershare shall at least annually engage at its own expense a third party service provider for penetration testing and provide Customer with an executive overview of such testing. The method of test scoring and issue ratings shall follow standard industry practice, such as the latest Common Vulnerability Scoring System (CVSS) published by the US National Institute of Standards and Technology (NIST). For any material findings (critical, priority, or high risk), Computershare shall within thirty (30) days from its receipt of penetration test results produce a remediation plan detailing the actions and dates by when these security issues shall be fully resolved. Computershare\u2019s failure to prepare and schedule a remediation plan within sixty (60) days of the penetration test report represents sufficient grounds for Customer to terminate the Agreement for cause.", "snippet_links": [{"key": "customer-confidential-information", "type": "clause", "offset": [47, 80]}, {"key": "third-party-service-provider", "type": "definition", "offset": [148, 176]}, {"key": "executive-overview", "type": "clause", "offset": [230, 248]}, {"key": "method-of", "type": "clause", "offset": [270, 279]}, {"key": "standard-industry-practice", "type": "definition", "offset": [324, 350]}, {"key": "scoring-system", "type": "definition", "offset": [392, 406]}, {"key": "national-institute-of-standards-and-technology", "type": "definition", "offset": [434, 480]}, {"key": "high-risk", "type": "clause", "offset": [539, 548]}, {"key": "within-thirty", "type": "clause", "offset": [571, 584]}, {"key": "receipt-of", "type": "clause", "offset": [604, 614]}, {"key": "test-results", "type": "clause", "offset": [627, 639]}, {"key": "remediation-plan", "type": "clause", "offset": [650, 666]}, {"key": "the-actions", "type": "clause", "offset": [677, 688]}, {"key": "security-issues", "type": "clause", "offset": [713, 728]}, {"key": "fully-resolved", "type": "definition", "offset": [738, 752]}, {"key": "failure-to", "type": "clause", "offset": [770, 780]}, {"key": "schedule-a", "type": "clause", "offset": [793, 803]}, {"key": "test-report", "type": "clause", "offset": [863, 874]}, {"key": "for-customer", "type": "clause", "offset": [905, 917]}, {"key": "agreement-for-cause", "type": "clause", "offset": [935, 954]}], "size": 18, "hash": "1ea1c6f86e69a0fc1aa1e742a4c2879b", "id": 1}, {"samples": [{"hash": "avlmYROakr2", "uri": "/contracts/avlmYROakr2#penetration-testing", "label": "User Agreement", "score": 31.4895935059, "published": true}, {"hash": "klHy97OOd02", "uri": "/contracts/klHy97OOd02#penetration-testing", "label": "User Agreement", "score": 31.4813804626, "published": true}, {"hash": "3yuHxiF16pS", "uri": "/contracts/3yuHxiF16pS#penetration-testing", "label": "User Agreement", "score": 31.2757263184, "published": true}], "snippet": "Smartsheet uses external security experts to conduct penetration testing of certain Services, including the Subscription Service. Such testing will: (a) be performed at least annually; (b) be performed by independent third party security professionals at Smartsheet\u2019s selection and expense; and (c) result in the generation of a penetration test report (\u201cPen Test Report\u201d), which will be Smartsheet\u2019s Confidential Information. Pen Test Reports will be made available to Customer upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement covering the Pen Test Report.", "snippet_links": [{"key": "external-security", "type": "clause", "offset": [16, 33]}, {"key": "certain-services", "type": "clause", "offset": [76, 92]}, {"key": "the-subscription-service", "type": "clause", "offset": [104, 128]}, {"key": "performed-by", "type": "clause", "offset": [192, 204]}, {"key": "third-party-security", "type": "definition", "offset": [217, 237]}, {"key": "confidential-information", "type": "clause", "offset": [401, 425]}, {"key": "test-reports", "type": "definition", "offset": [431, 443]}, {"key": "to-customer", "type": "clause", "offset": [467, 478]}, {"key": "written-request", "type": "definition", "offset": [484, 499]}, {"key": "subject-to-the", "type": "definition", "offset": [522, 536]}, {"key": "agreement-or", "type": "definition", "offset": [572, 584]}, {"key": "agreement-covering", "type": "clause", "offset": [618, 636]}], "size": 10, "hash": "68d763da328978549daf9dc509d0814a", "id": 3}, {"samples": [{"hash": "9Fy0x6bJsq1", "uri": "/contracts/9Fy0x6bJsq1#penetration-testing", "label": "Data Processing Addendum", "score": 34.049030304, "published": true}, {"hash": "i9EC9EjklLp", "uri": "/contracts/i9EC9EjklLp#penetration-testing", "label": "Data Processing Addendum", "score": 33.7955169678, "published": true}, {"hash": "d19E2fdXer7", "uri": "/contracts/d19E2fdXer7#penetration-testing", "label": "Data Processing Agreement", "score": 27.6064338684, "published": true}], "snippet": "On at least an annual basis, Genesys will conduct a vulnerability assessment and penetration testing engagement with an independent qualified vendor. Issues identified during the engagement will be appropriately addressed within a reasonable time-frame commensurate with the identified risk level of the issue. Test results will be made available to Customer upon written request and will be subject to non-disclosure and confidentiality agreements.", "snippet_links": [{"key": "annual-basis", "type": "definition", "offset": [15, 27]}, {"key": "vulnerability-assessment", "type": "definition", "offset": [52, 76]}, {"key": "an-independent", "type": "clause", "offset": [117, 131]}, {"key": "qualified-vendor", "type": "definition", "offset": [132, 148]}, {"key": "the-engagement", "type": "clause", "offset": [175, 189]}, {"key": "reasonable-time", "type": "clause", "offset": [231, 246]}, {"key": "risk-level", "type": "definition", "offset": [286, 296]}, {"key": "the-issue", "type": "clause", "offset": [300, 309]}, {"key": "test-results", "type": "clause", "offset": [311, 323]}, {"key": "to-customer", "type": "clause", "offset": [347, 358]}, {"key": "written-request", "type": "definition", "offset": [364, 379]}, {"key": "subject-to", "type": "clause", "offset": [392, 402]}, {"key": "confidentiality-agreements", "type": "definition", "offset": [422, 448]}], "size": 11, "hash": "2db64f0c480814659027f78b2e432796", "id": 2}, {"samples": [{"hash": "eTT5nwI6k6F", "uri": "/contracts/eTT5nwI6k6F#penetration-testing", "label": "Microsoft Cloud Agreement", "score": 24.6947288513, "published": true}, {"hash": "8ZqmqisRcxd", "uri": "/contracts/8ZqmqisRcxd#penetration-testing", "label": "Microsoft Cloud Agreement", "score": 24.6947288513, "published": true}], "snippet": "At least annually, Microsoft will conduct third party penetration testing against the Online Services, including evidence of data isolation among", "snippet_links": [{"key": "third-party", "type": "clause", "offset": [42, 53]}, {"key": "online-services", "type": "definition", "offset": [86, 101]}, {"key": "evidence-of", "type": "clause", "offset": [113, 124]}], "size": 5, "hash": "2a4d25d9c43b94000b5306093f42de51", "id": 7}, {"samples": [{"hash": "d2ihwBNfKe", "uri": "/contracts/d2ihwBNfKe#penetration-testing", "label": "Hornbill Subscription Agreement", "score": 35.0493354797, "published": true}, {"hash": "eQRX3QBubif", "uri": "/contracts/eQRX3QBubif#penetration-testing", "label": "Public Sector Subscription Agreement", "score": 34.1324272156, "published": true}, {"hash": "dZjdJbQNm1K", "uri": "/contracts/dZjdJbQNm1K#penetration-testing", "label": "End User Subscription Agreement", "score": 33.1674118042, "published": true}], "snippet": "In addition to regular internal testing HTL contracts third party security organisations, at least annually, to perform penetration testing to identify vulnerabilities and remediation steps that will help to increase the security of the HTL service.", "snippet_links": [{"key": "in-addition-to", "type": "clause", "offset": [0, 14]}, {"key": "third-party-security", "type": "definition", "offset": [54, 74]}, {"key": "security-of-the", "type": "clause", "offset": [221, 236]}], "size": 9, "hash": "84e3900606fb7d2e92e167c83e3951c0", "id": 4}, {"samples": [{"hash": "3uacNiUS9Kw", "uri": "/contracts/3uacNiUS9Kw#penetration-testing", "label": "Saas Subscription Agreement", "score": 34.7926902771, "published": true}, {"hash": "cpFCJTIvKr6", "uri": "/contracts/cpFCJTIvKr6#penetration-testing", "label": "Saas Subscription Agreement", "score": 33.8793144226, "published": true}, {"hash": "lE5UnVEUZyg", "uri": "/contracts/lE5UnVEUZyg#penetration-testing", "label": "Saas Subscription Agreement", "score": 32.6967735291, "published": true}], "snippet": "Sysdig, or an authorized third party on Sysdig\u2019s behalf, conducts annual penetration testing of its SaaS Service to assess current threats and vulnerabilities. Each security concern is reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation.", "snippet_links": [{"key": "authorized-third-party", "type": "clause", "offset": [14, 36]}, {"key": "saas-service", "type": "definition", "offset": [100, 112]}, {"key": "security-concern", "type": "clause", "offset": [165, 181]}, {"key": "to-determine", "type": "clause", "offset": [194, 206]}, {"key": "based-on", "type": "definition", "offset": [235, 243]}], "size": 5, "hash": "471f45655308a3e8035acfa82c2a10cd", "id": 6}, {"samples": [{"hash": "inITs4e1Wt8", "uri": "/contracts/inITs4e1Wt8#penetration-testing", "label": "Master Purchase Agreement for Services", "score": 27.2642021179, "published": true}, {"hash": "fvc3W53Hlx3", "uri": "/contracts/fvc3W53Hlx3#penetration-testing", "label": "Master Purchase Agreement for Services", "score": 27.119096756, "published": true}, {"hash": "4aT7Kp3Ik6l", "uri": "/contracts/4aT7Kp3Ik6l#penetration-testing", "label": "Master Purchase Agreement for Services", "score": 27.043806076, "published": true}], "snippet": "Vendor shall test the security of its assets, systems and software used to store, process, transmit or maintain Confidential Information as frequently as necessary to confirm that system integrity and security are consistent with current leading industry accepted standards and practices. Vendor is responsible for and shall conduct penetration testing of its own products, assets, systems and software to identify and remediate vulnerabilities in its own environment and to communicate identified vulnerabilities and remediation steps to Customer based on current leading industry accepted penetration testing approaches. Vendor shall provide Customer with Vendor\u2019s penetration test results as it relates to assets, systems and software used to store, process, transmit or maintain Confidential Information, including all relevant details regarding each vulnerability identified.", "snippet_links": [{"key": "security-of", "type": "clause", "offset": [22, 33]}, {"key": "systems-and-software", "type": "clause", "offset": [46, 66]}, {"key": "maintain-confidential-information", "type": "clause", "offset": [103, 136]}, {"key": "system-integrity", "type": "clause", "offset": [180, 196]}, {"key": "and-security", "type": "clause", "offset": [197, 209]}, {"key": "consistent-with", "type": "definition", "offset": [214, 229]}, {"key": "standards-and-practices", "type": "clause", "offset": [264, 287]}, {"key": "responsible-for", "type": "clause", "offset": [299, 314]}, {"key": "to-customer", "type": "clause", "offset": [536, 547]}, {"key": "based-on", "type": "definition", "offset": [548, 556]}, {"key": "vendor-shall-provide", "type": "clause", "offset": [623, 643]}, {"key": "test-results", "type": "clause", "offset": [679, 691]}, {"key": "relates-to", "type": "definition", "offset": [698, 708]}], "size": 5, "hash": "4b4eb2a718997ae065f3a298e77d01b1", "id": 5}, {"samples": [{"hash": "gAwCfSpDywM", "uri": "/contracts/gAwCfSpDywM#penetration-testing", "label": "Global Master Services Agreement", "score": 29.3408622742, "published": true}, {"hash": "jZME92kCB0J", "uri": "/contracts/jZME92kCB0J#penetration-testing", "label": "Global Master Services Agreement (Dun & Bradstreet Corp/Nw)", "score": 21.0, "published": true}, {"hash": "ePEqxXynx04", "uri": "/contracts/ePEqxXynx04#penetration-testing", "label": "Global Master Services Agreement (Dun & Bradstreet Corp/Nw)", "score": 21.0, "published": true}], "snippet": "At least ***, Acxiom will engage *** a third party security services provider to perform perimeter vulnerability and penetration testing of Acxiom\u2019s external systems and databases. Acxiom will provide to D&B the \u201cStatement of Opinion\u201d issued to Acxiom by such third party provider following each such vulnerability and/or penetration test series, which shall be provided to D&B promptly upon its receipt by Acxiom. Additionally, Acxiom will itself perform regular vulnerability testing on external and internal devices connected to the Acxiom network supporting D&B. At least once each calendar quarter, or more frequently as D&B may reasonably request, the parties will include in the agenda for the meetings described in Section 11.2(b)(iii) above: (a) discussion of testing methodologies used by Acxiom, (b) identification of any requirements to modify such testing methodologies, in order to meet industry standards for testing, along with associated timeline(s) for inclusion of such modifications into the testing, and (c) a summary of the most current *** vulnerability scanning results, including but not limited to discussing scan results for portions of Acxiom systems that are dedicated to supporting only D&B. ***", "snippet_links": [{"key": "services-provider", "type": "definition", "offset": [60, 77]}, {"key": "external-systems", "type": "definition", "offset": [149, 165]}, {"key": "will-provide", "type": "clause", "offset": [188, 200]}, {"key": "statement-of", "type": "clause", "offset": [213, 225]}, {"key": "issued-to", "type": "definition", "offset": [235, 244]}, {"key": "third-party-provider", "type": "definition", "offset": [260, 280]}, {"key": "promptly-upon", "type": "definition", "offset": [378, 391]}, {"key": "vulnerability-testing", "type": "clause", "offset": [464, 485]}, {"key": "calendar-quarter", "type": "clause", "offset": [586, 602]}, {"key": "reasonably-request", "type": "definition", "offset": [634, 652]}, {"key": "the-parties-will", "type": "clause", "offset": [654, 670]}, {"key": "agenda-for-the-meetings", "type": "clause", "offset": [686, 709]}, {"key": "in-order-to", "type": "clause", "offset": [884, 895]}, {"key": "industry-standards", "type": "clause", "offset": [901, 919]}, {"key": "inclusion-of", "type": "clause", "offset": [971, 983]}, {"key": "the-testing", "type": "definition", "offset": [1008, 1019]}, {"key": "the-most-current", "type": "definition", "offset": [1042, 1058]}, {"key": "vulnerability-scanning", "type": "clause", "offset": [1063, 1085]}, {"key": "not-limited", "type": "clause", "offset": [1109, 1120]}], "size": 4, "hash": "06c926564cd4e93dc685bb53dec78416", "id": 9}, {"samples": [{"hash": "891l7Yg5oAz", "uri": "/contracts/891l7Yg5oAz#penetration-testing", "label": "Master Services Agreement", "score": 33.3592147827, "published": true}, {"hash": "fkXskJS4lAJ", "uri": "/contracts/fkXskJS4lAJ#penetration-testing", "label": "Master Services Agreement", "score": 27.4736480713, "published": true}, {"hash": "l1rko6pc36s", "uri": "/contracts/l1rko6pc36s#penetration-testing", "label": "Master Services Agreement", "score": 27.1806983948, "published": true}], "snippet": "You acknowledge that penetration testing services are intended to probe and exploit system weaknesses which can cause damage to vulnerable systems. You agree that Palo Alto Networks shall not be liable for any resulting damage and You are advised to fully back up systems and data and take other measures it deems appropriate given the volatile nature of penetration testing.", "snippet_links": [{"key": "you-acknowledge", "type": "clause", "offset": [0, 15]}, {"key": "penetration-testing-services", "type": "clause", "offset": [21, 49]}, {"key": "you-agree", "type": "clause", "offset": [148, 157]}, {"key": "palo-alto-networks", "type": "definition", "offset": [163, 181]}, {"key": "systems-and-data", "type": "clause", "offset": [264, 280]}, {"key": "other-measures", "type": "clause", "offset": [290, 304]}, {"key": "nature-of", "type": "clause", "offset": [345, 354]}], "size": 4, "hash": "1580f0256c562e3fd8833b4b6c1a617a", "id": 8}, {"samples": [{"hash": "gOeg1ZRXuHl", "uri": "/contracts/gOeg1ZRXuHl#penetration-testing", "label": "Master Service Agreement", "score": 35.3666954041, "published": true}, {"hash": "iy1gnyLVXfG", "uri": "/contracts/iy1gnyLVXfG#penetration-testing", "label": "Master Service Agreement", "score": 35.1467971802, "published": true}, {"hash": "5GdFwZ9gTYV", "uri": "/contracts/5GdFwZ9gTYV#penetration-testing", "label": "Master Service Agreement", "score": 28.1909656525, "published": true}], "snippet": "You understand and agree that security devices, alarms or other security measures, both physical and virtual, may be tripped or activated during the penetration testing process, despite our efforts to avoid such occurrences. You will be solely responsible for notifying any monitoring company and all law enforcement authorities of the potential for \u201cfalse alarms\u201d due to the provision of the penetration testing services, and you agree to take all steps necessary to ensure that false alarms are not reported or treated as \u201creal alarms\u201d or credible threats against any person, place or property. Some alarms and advanced security measures, when activated, may cause the partial or complete shutdown of the Environment, causing substantial downtime and/or delay to your business activities. We will not be responsible for and will be held harmless and indemnified by you against, any claims, costs, fees or expenses arising or resulting from (i) any response to the penetration testing services by any monitoring company or law enforcement authorities, or", "snippet_links": [{"key": "understand-and-agree-that", "type": "clause", "offset": [4, 29]}, {"key": "security-devices", "type": "clause", "offset": [30, 46]}, {"key": "other-security-measures", "type": "clause", "offset": [58, 81]}, {"key": "testing-process", "type": "definition", "offset": [161, 176]}, {"key": "responsible-for", "type": "clause", "offset": [244, 259]}, {"key": "monitoring-company", "type": "definition", "offset": [274, 292]}, {"key": "law-enforcement-authorities", "type": "definition", "offset": [301, 328]}, {"key": "false-alarms", "type": "definition", "offset": [351, 363]}, {"key": "provision-of-the", "type": "clause", "offset": [376, 392]}, {"key": "penetration-testing-services", "type": "clause", "offset": [393, 421]}, {"key": "you-agree-to", "type": "clause", "offset": [427, 439]}, {"key": "to-ensure", "type": "clause", "offset": [465, 474]}, {"key": "not-reported", "type": "definition", "offset": [497, 509]}, {"key": "any-person", "type": "definition", "offset": [566, 576]}, {"key": "complete-shutdown", "type": "definition", "offset": [682, 699]}, {"key": "the-environment", "type": "clause", "offset": [703, 718]}, {"key": "business-activities", "type": "definition", "offset": [770, 789]}, {"key": "be-responsible", "type": "clause", "offset": [803, 817]}, {"key": "held-harmless", "type": "clause", "offset": [834, 847]}, {"key": "resulting-from", "type": "definition", "offset": [927, 941]}], "size": 3, "hash": "567f406fa6349148abecf0da7d9310ed", "id": 10}], "next_curs": "ClwSVmoVc35sYXdpbnNpZGVyY29udHJhY3RzcjgLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhxwZW5ldHJhdGlvbi10ZXN0aW5nIzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"children": [["technical-security-measures", "Technical Security Measures"], ["technical-and-network-access-controls", "Technical and Network Access Controls"], ["data-encryption", "Data Encryption"], ["secure-management-and-disposal-of-equipment", "Secure Management and Disposal of Equipment"], ["monitoring", "Monitoring"]], "title": "Penetration Testing", "size": 157, "parents": [["miscellaneous", "Miscellaneous"], ["general", "General"], ["definitions", "Definitions"], ["counterparts", "Counterparts"], ["auditing-and-reporting", "Auditing and Reporting"]], "id": "penetration-testing", "related": [["substance-abuse-testing", "Substance Abuse Testing", "Substance Abuse Testing"], ["oduf-testing", "ODUF Testing", "ODUF Testing"], ["meter-testing", "Meter Testing", "Meter Testing"], ["inspection-testing", "Inspection/Testing", "Inspection/Testing"], ["alcohol-testing", "Alcohol Testing", "Alcohol Testing"]], "related_snippets": [], "updated": "2025-07-24T04:27:51+00:00"}, "json": true, "cursor": ""}}