Vulnerability and Patch Management Clause Samples
The Vulnerability and Patch Management clause establishes requirements for identifying, assessing, and addressing security vulnerabilities in software and systems. It typically mandates regular scanning for vulnerabilities, timely application of security patches, and documentation of remediation efforts. By enforcing these practices, the clause helps organizations minimize security risks and protect against exploitation of known weaknesses, thereby maintaining the integrity and security of their IT environment.
Vulnerability and Patch Management. Genesys will maintain a vulnerability management program based on industry standard practices that routinely assesses the Data Center environment. Routine network and server scans will be scheduled and completed on a regular basis. The scan results will be analyzed to confirm identified vulnerabilities, and remediation will be scheduled within a timeframe commensurate with the relative risk. Genesys will monitor a variety of vulnerability advisory services to ensure that newly identified vulnerabilities are appropriately evaluated for possible impact to the Genesys PureConnect Cloud Service. Critical and high-risk vulnerabilities will be promptly addressed following the patch management and change management processes.
Vulnerability and Patch Management. Genesys will maintain a vulnerability management program that ensures compliance with Industry Standards. Genesys will assess all critical vulnerabilities to the Cloud Services production environment for access/vector complexity, authentication, impact, integrity, and availability. If the resulting risk is deemed to be “Critical” to Customer Data by Genesys, Genesys will endeavour to patch or mitigate affected systems within 7 working days. Certain stateful systems cannot be patched as quickly due to interdependencies and customer impact but will be remediated as expeditiously as practicable.
Vulnerability and Patch Management. If Genesys deems the resulting risk to be critical to Customer Data, Genesys will endeavor to patch or mitigate the affected R2S and A3S area within fourteen calendar days.
Vulnerability and Patch Management. 1.1 For all Contractor Managed Systems that store Metro Government Information, Contractor will promptly address Vulnerabilities through Security Patches. Unless otherwise requested by Metro Government, Security Patches shall be applied within fourteen (14) days from its release for Critical Security Patches, thirty (30) days for Important Security Patches, and twelve (12) months for all other applicable Security Patches. Contractor may provide an effective technical mitigation in place of a Security Patch (if no Security Patch is available or if the Security Patch is incompatible) which doesn’t materially impact Metro Government’s use of the system nor require additional third party products.
1.2 If the application of Security Patches or other technical mitigations could impact the operation of Contractor Managed System, Contractor agrees to install patches only during Metro Government approved scheduled maintenance hours, or another time period agreed by Metro Government.
Vulnerability and Patch Management. (a) The Distributor monitors and supervises the development of all software that is used to process the Confidential Information of the Trust and conducts an independent security review of its environment. The Distributor reviews and tests custom code that is used to process such Confidential Information to identify potential coding vulnerabilities in accordance with industry standard security practices. All documentation of such assessments and remediation actions taken are confidential and proprietary and not disclosed externally.
(b) Applications that are used to process the Confidential Information of the Trust are periodically scanned to detect vulnerabilities in static code or open source components and penetration tests are performed regularly (e.g., prior to releases, and at regular intervals if there are no releases). The Distributor employs a comprehensive software security assurance program (“SSAP”) that includes architectural risk reviews, secure code reviews, threat-based penetration testing, dynamic scanning in the quality assurance phase for all applications that process the Confidential Information of the Trust and a periodic security evaluation of all externally facing applications.
(c) Patch management and vulnerability remediation across the Distributor’s applications and infrastructure are based on an internal prioritized scoring model which uses the Common Vulnerability Scoring System (CVSS), information from internal vulnerability assessments, and internally provided risk/severity ratings of the underlying assets and applications. The scoring model is designed to decrease risk exposure in critical areas by prioritizing remediation based on the Distributor’s environment.
(d) If the Distributor identifies a weakness or vulnerability that could have a direct, material adverse impact on the Distributor’s ability to (i) perform its obligations under this Agreement, (ii) comply with applicable laws in connection with this Agreement, or (iii) meet the Distributor’s business continuity capabilities in connection with this Agreement (each a “Deficiency”), the Distributor shall, within a commercially reasonable time, provide high-level information about the potential impact of that Deficiency and its remediation plan. The Trust acknowledges that any Deficiency shall be remediated and verified by the Distributor’s own internal audit group that is independent from the division performing the obligations under this Agreement.
Vulnerability and Patch Management. Following receipt of any update release from the manufacturer, Veset will apply manufacturer-recommended security updates to all systems, devices, or applications Processing Personal Data within a reasonable period of time, taking into account the nature and severity of the risk. Veset will install, within a reasonable period of time following ▇▇▇▇▇’s receipt from the manufacturer, any software patches designated by manufacturers, vendors, or Veset as “critical”. Veset conducts regular vulnerability scans and penetration tests of any network storing or processing Personal Data and remediates any identified critical vulnerability in accordance with ▇▇▇▇▇’s defined remediation schedule.
Vulnerability and Patch Management. Genesys will maintain a vulnerability management program as per Genesys risk management process, that ensures compliance with Industry Standards. Genesys will assess all critical vulnerabilities to the Cloud Services Environment using industry standard CVSS and CVE scores or other similar approach for access/vector complexity, authentication, impact, integrity, and availability. If Genesys deems the resulting risk to be critical to Customer Data, Genesys will endeavour to patch or mitigate affected systems within three (3) working days. Certain stateful systems cannot be patched as quickly due to interdependencies and customer impact, but will be remediated as expeditiously as practicable. In normal operation OS patch management operations will be performed in 30 (thirty) days or less.
9 Data Deletion and Destruction, Exit Plan. Genesys will follow, and will ensure that its sub-processors will follow, Industry Standard processes to delete obsolete data and sanitize or destroy retired equipment that formerly held Customer Data. Customer Org related recording and call detail record retention policies are customer configurable. All other retention policies are managed by Genesys at platform level. Termination of the Cloud Services for Customer will be subject to the Exit Plan in Exhibit A.
Vulnerability and Patch Management. Following receipt of any update release from the manufacturer, Brightcove will apply manufacturer-recommended security updates to all systems, devices, or applications Processing Personal Data within a reasonable period of time, taking into account the nature and severity of the risk. Brightcove will install, within a reasonable period of time following Brightcove’s receipt from the manufacturer, any software patches designated by manufacturers, vendors, or Brightcove as “critical”. Brightcove conducts regular vulnerability scans and penetration tests of any network storing or processing Personal Data and remediates any identified critical vulnerability in accordance with Brightcove’s defined remediation schedule.
Vulnerability and Patch Management. We have a dedicated vulnerability process that actively scans for security threats or vulnerabilities using a combination of certified third-party scanning tools, and in-house tools. Subsequently, automated and manual testing is performed. Furthermore, the security team actively reviews inbound security reports and monitors public mailing lists, blog posts, and wikis to identify security incidents that might affect the company. Once we identify a vulnerability that requires remediation, it is logged, prioritized according to severity, and is assigned an owner. We further identify the associated risks and mitigate them by either patching the vulnerable systems or applying relevant controls. After assessing the severity of the vulnerability based on the impact analysis, we commit to resolve the issue within our defined SLA. Depending upon the severity, we send the security advisories to all our customers describing the vulnerability, the patch and the steps to be taken by the customer.
Vulnerability and Patch Management. (a) J.P. Morgan monitors and supervises the development of all software that is used to process Customer’s Confidential Information and conducts an independent security review of its environment. J.P. Morgan reviews and tests custom code that is used to process Customer’s Confidential Information to identify potential coding vulnerabilities in accordance with industry standard security practices. All documentation of such assessments and remediation actions taken are confidential and proprietary and not disclosed externally.
(b) Applications that are used to process Customer’s Confidential Information are periodically scanned to detect vulnerabilities in static code or open source components and penetration tests are performed regularly (e.g., prior to releases, and at regular intervals if there are no releases). J.
