Security Testing Clause Samples

Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 94.2 or 94.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes to...
Security Testing. Flexera has arranged for all testing as detailed in this Section below to be undertaken by an independent third party. a. Flexera, through its contractors, will perform penetration testing on the Flexera’s systems no more than once every twelve (12) months. If the penetration testing conducted discovers vulnerabilities in Flexera’s systems, Flexera will, to the extent that such vulnerabilities result in an inability to materially comply with this Schedule, remediate such vulnerabilities and re-perform the penetration testing focusing on those vulnerabilities discovered from the initial penetration testing. Upon receipt of a written request, Flexera will make available the penetration testing executive summary report to Customer. b. Flexera will, upon request, provide mutually agreed metrics at an agreed frequency to Customer to illustrate the performance of the testing schedule.
Security Testing. Fiserv may use a third party to provide monitoring, penetration and intrusion testing with respect to certain Services. Upon Client’s written request, Fiserv agrees to provide Client with a copy of its most recent security certification, if any, for the applicable Fiserv service center providing such Services.
Security Testing a. Yahoo, its agents, and/or Yahoo Affiliates, in its sole discretion, has the right at any time to perform remote Security Testing of The System, excluding physical premises. Such Security Testing does not include actions (e.g., penetration testing) that could reasonably be anticipated to cause material harm or damage to The System or materially impair its performance. Security Testing may result in the identification of Security Issues. b. Upon Yahoo’s request, Partner will promptly white list IP addresses provided by Yahoo to allow accurate Security Testing to occur. c. Partner will not impede Yahoo, its agents, and/or Yahoo Affiliates from performing Security Testing; provided, however, that if Partner reasonably believes the Security Testing will cause material harm or damage to The System or materially impair its performance, Partner will (a) take the minimum action necessary to prevent or mitigate such harm or damage; (b) if applicable, contact Yahoo immediately and explain the nature of the harm or damage that occurred; and (c) work with Yahoo so that Security Testing can occur without inflicting material harm or damage to The System or its performance.
Security Testing. The Supplier shall, at its own cost and expense procure and conduct: testing of the Information Management System by a CHECK Service Provider or a CREST Service Provider (“IT Health Check”); and such other security tests as may be required by the Authority, The Supplier shall complete all of the above security tests before the Supplier submits the Security Management Plan to the Authority for review in accordance with Paragraph 4; and it shall repeat the IT Health Check not less than once every 12 months during the Term and submit the results of each such test to the Authority for review in accordance with this Paragraph. In relation to each IT Health Check, the Supplier shall: agree with the Authority the aim and scope of the IT Health Check; promptly, and no later than ten (10) Working Days, following the receipt of each IT Health Check report, provide the Authority with a copy of the full report; in the event that the IT Health Check report identifies any vulnerabilities, the Supplier shall: prepare a remedial plan for approval by the Authority (each a "Vulnerability Correction Plan") which sets out in respect of each vulnerability identified in the IT Health Check report: how the vulnerability will be remedied; unless otherwise agreed in writing between the Parties, the date by which the vulnerability will be remedied, which must be: within three months of the date the Supplier received the IT Health Check report in the case of any vulnerability categorised with a severity of “medium”; within one month of the date the Supplier received the IT Health Check report in the case of any vulnerability categorised with a severity of “high”; and
Security Testing. 5.1 During the performance of services under the Agreement, Processor shall engage periodically a Third-Party (“Testing Company”) to perform penetration and vulnerability testing (“Security Tests”) with respect to Processor’s systems containing and/or storing Personal Data. 5.2 The objective of such Security Tests shall be to identify design and/or functionality issues in applications or infrastructure of the Processor systems containing and/or storing Personal Data, which could expose Controller’s assets to risks from malicious activities. Security Tests shall probe for weaknesses in applications, network perimeters or other infrastructure elements as well as weaknesses in process or technical countermeasures relating to the Processor systems containing and/or storing Personal Data that could be exploited by a malicious party. 5.3 Security Tests shall identify, at a minimum, the following security vulnerabilities: invalidated or un-sanitized input; broken or excessive access controls; broken authentication and session management; cross-site scripting (XSS) flaws; buffer overflows; injection flaws; improper error handling; insecure storage; common denial of service vulnerabilities; insecure or inconsistent configuration management; improper use of SSL/TLS; proper use of encryption; and anti-virus reliability and testing. 5.4 Within a reasonable period after the Security Test has been performed, Processor shall notify Controller in writing of any critical security issues that were revealed during such Security Test which have not been remediated. To the extent that critical security issues were revealed during a particular Security Test, Processor shall subsequently engage, at its own expense, the Testing Company to perform an additional Security Test to ensure resolution of identified security issues. Results thereof shall be made available to the Controller upon request.
Security Testing.
• SSAE 16 Service Organization Control (SOC 2 and 3) Type II audits completed annually by a third party.
• Global network penetration test conducted annually. Penetration test results are considered SAS’ Confidential Information.
• Penetration tests performed for new and significantly-changed production applications that are exposed to the Internet.
Security Testing. Whimsical shall regularly test, assess and evaluate the effectiveness of the security measures set forth in Appendix 1.
Security Testing. ▇▇▇▇▇▇▇▇ has arranged for all testing as detailed in this Section below to be undertaken by an independent third party. a. Revenera, through its contractors, will perform penetration testing on the Revenera’s systems no more than once every twelve
Security Testing. Implement a repeatable and documented set of security tests for hardware, software and services – including but not limited to the production environment, releases of Software-as-a-Service (SaaS), other Cloud-based “as-a-Services” (PaaS, IaaS, DRaaS, etc.), containers and application program interfaces (APIs) used to deliver services of the Agreement or host City data within the scope of the Agreement. Determine the objectives of each security test, and tailor the approach accordingly. Analyze findings, and develop mitigation techniques to address (i) poor testing effectiveness metrics and (ii) any weaknesses discovered through the tests. At the City's request, cooperate with City and its contracted resources to conduct security quality assurance and penetration tests on a mutually agreeable schedule.