Common use of Penetration Tests Clause in Contracts

Penetration Tests. The Client is authorised to carry out penetration tests on the Services (hereinafter "Penetration Test(s)") by itself or by a duly appointed third party auditor of its choice. The performance of these operations does not require OVHcloud to be notified. These Penetration Tests shall be carried out in accordance with the laws and regulations in force. The Client shall obtain the authorization of the Users and rights holders of the scope targeted by the test. The conditions whereby the Client entrusts the third party auditor with the performance of the Penetration Tests are the subject of a separate agreed concluded between the Client and the auditor, and include all the conditions of this article. The Client declares and guarantees to OVHcloud that all the conditions for conducting the Penetration Tests stipulated herein will be respected, including by the auditor who acts under the full responsibility of the Client. Under no circumstances shall the Penetration Tests (a) target other OVHcloud target elements and OVHcloud Infrastructures other than those used exclusively by the Client (including but not limited to OVHcloud shared infrastructure, networks and services), (b) disrupt the proper functioning of the Services and OVHcloud infrastructure and networks and/or (c) have any impact on the Services, resources, networks and infrastructure provided by OVHcloud to other clients. Any attempt to intrude into environments or systems used by other OVHcloud clients is expressly prohibited. The Client is solely responsible for all consequences that may result from the performance of the Penetration Tests, including when they are carried out by a third party auditor. In particular, it is the Client's responsibility to carry out or to have carried out in advance, and under its entire responsibility, all backups necessary to enable, in the event of an incident occurring during the Penetration Tests, to restore and to be able to continue to use the target elements of the Penetration Tests (systems, applications, data, etc.). The Client is informed that if, within the framework of the Services, protection mechanisms, such as systems to prevent the sending of fraudulent or massive mail (SPAM) or against computer attacks by denial of service (DOS or DDOS), have been put in place, these mechanisms will not be deactivated within the framework of the Penetration Tests, and may therefore result in the unavailability of the Services. The Client is responsible for informing any person likely to be affected by such unavailability. At the end of the Penetration Tests, a written audit report is drawn up. The audit report will be communicated to OVHcloud upon first request or whenever it is of interest to OVHcloud (in particular in the event of a flaw or vulnerability in OVHcloud's Services or Infrastructures, or that could impact other OVHcloud clients). The audit report, its contents, and more generally all information disclosed or collected in the course of the audit and concerning, directly or indirectly, OVHcloud, are considered strictly confidential, and may under no circumstances be published or disclosed to third parties without XXXxxxxx's prior written consent. In the event of non-compliance by the Client and/or the third party auditor with all or part of the terms and conditions of this article, OVHcloud reserves the right to immediately suspend access to its Services, without prejudice to any damages OVHcloud may claim.

Penetration Tests. The Client is authorised to may, directly or through a duly appointed third party auditor of its choice, carry out penetration tests on the Services (hereinafter "Penetration Test(s)") by itself or by a duly appointed third party auditor without prior notification of its choice. The performance of these operations does not require OVHcloud to be notifiedOVHcloud. These Penetration Tests shall be carried out in accordance with the laws and regulations in force. The Client shall obtain the authorization authorisation of the Users and rights holders of within the scope targeted by of the test. The conditions whereby Should the Client entrusts the have these Penetration Tests performed by a third party auditor with the performance of the Penetration Tests are the subject of a separate agreed concluded between the Client and the auditor, and their agreement shall include all the conditions of this article. The Client declares and guarantees warrants to OVHcloud that all the conditions for conducting the Penetration Tests stipulated herein will be respected, including by the auditor who acts under the full responsibility of the Client. Under no circumstances shall the Penetration Tests (a) target other OVHcloud target elements and OVHcloud Infrastructures other than those used exclusively by the Client (including but not limited to OVHcloud shared infrastructure, networks and services), (b) disrupt the proper functioning of the Services and OVHcloud infrastructure and networks and/or (c) have any impact on the Services, resources, networks and infrastructure provided by OVHcloud to other clients. Any attempt to intrude into environments or systems used by other OVHcloud clients is expressly prohibited. The Client is solely responsible for all consequences that may result from the performance of the Penetration Tests, including when they are carried out by a third party auditor. In particular, it Client is the Client's responsibility sole responsible to carry out or to have carried out in advance, all necessary backups to prevent any data loss and under its entire responsibility, all backups necessary to enable, in the event of an incident occurring during the Penetration Tests, to restore and to be able to continue to use the target elements of the Penetration Tests (systems, applications, data, etc.), should an incident occur during the Penetration Tests. The Client is informed that if, within the framework of the Services, protection mechanisms, such as systems to prevent the sending of fraudulent or massive mail (SPAM) or against computer attacks by denial of service (DOS or DDOS), have been put in place, these mechanisms will not be deactivated within the framework of for the Penetration Tests, and may therefore result in the unavailability of the Services. The Client is responsible for informing any person likely to be affected by such unavailability. At the end Upon completion of the Penetration Tests, a written audit report is drawn up. The audit report will be drawn up and communicated to OVHcloud upon first request or whenever it is of interest to OVHcloud (in particular in the event of a flaw or vulnerability in OVHcloud's Services or Infrastructures, or that could impact other OVHcloud clients). The audit report, its contents, and more generally all information disclosed or collected in the course of the audit and concerning, directly or indirectly, OVHcloud, are considered strictly confidential, and may under no circumstances be published or disclosed to third parties without XXXxxxxx's prior written consent. In the event of non-compliance by the Client and/or the third party auditor with all or part of the terms and conditions of this article, OVHcloud reserves the right to immediately suspend access to its Services, without prejudice to any damages OVHcloud may claim.