Common use of Vulnerability Scan Clause in Contracts

Vulnerability Scan. 1.1 The Vulnerability Scan identifies security vulnerabilities exposed on the Assets. The vulnerability scanning function is implemented using a network of vulnerability scanners and/or agents using the Cloud Platform. 1.2 Interactive will perform one Vulnerability Scan of IP addresses, which the Customer must provide to Interactive in writing, to identify and rank vulnerabilities in network infrastructure and web applications in accordance with the schedule agreed between the parties during the Preparation Phase. This is a proactive check of the network and web applications to reduce the cyber security risks due to vulnerabilities. 1.3 Interactive will provide notification of vulnerabilities to the Assets by business criticality and severity, with recommendations to mitigate the vulnerability. This may include recommendations to patch systems or change rules on perimeter devices. 1.4 Interactive will perform the Vulnerability Scan one time only, at a date and time to be agreed between the parties. 1.5 The Customer may request additional Vulnerability Scans be performed by making a Service Request. If the Customer requests additional Vulnerability Scans, they will be deemed Out of Scope Work.