Vulnerability and Patch Management. Genesys will maintain a vulnerability management program as per Genesys risk management process, that ensures compliance with Industry Standards. Genesys will assess all critical vulnerabilities to the Cloud Services Environment using industry standard CVSS and CVE scores or other similar approach for access/vector complexity, authentication, impact, integrity, and availability. If Genesys deems the resulting risk to be critical to Customer Data, Genesys will endeavour to patch or mitigate affected systems within three (3) working days. Certain stateful systems cannot be patched as quickly due to interdependencies and customer impact, but will be remediated as expeditiously as practicable. In normal operation OS patch management operations will be performed in 30 (thirty) days or less. 9 Data Deletion and Destruction, Exit Plan. Genesys will follow, and will ensure that its sub-processors will follow, Industry Standard processes to delete obsolete data and sanitize or destroy retired equipment that formerly held Customer Data. Customer Org related recording and call detail record retention policies are customer configurable. All other retention policies are managed by Genesys at platform level. Termination of the Cloud Services for Customer will be subject to the Exit Plan in Exhibit A.
Appears in 2 contracts