Common use of Security Evaluations Clause in Contracts

Security Evaluations. Notified shall periodically (no less than annually) evaluate its processes and systems to ensure continued compliance with obligations imposed by law, regulation or contract with respect to the confidentiality, integrity, availability, and security of Customer Information and Notified Processing Resources. Notified shall periodically (no less than annually) have a reputable third party perform vulnerability assessments and penetration tests of its publicly accessible Information Processing Resources. Notified shall document the results of these evaluations and any remediation activities taken in response to such evaluations.