Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority. 4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test. 4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests. 4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 141 contracts
Samples: Provision of Services Agreement, Provision of Services Agreement, Employability Support Programme Agreement
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 16 contracts
Samples: Employment Agreement, Service Order for Legal Services, Contract for the Provision of Services
Audit and Testing. 4.1 The Contractor Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor Provider shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor Provider to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the ContractorProvider's compliance with and implementation of the Security Plan. The Authority may notify the Contractor Provider of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor Provider shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor Provider shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor Provider proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 15 contracts
Samples: Provision of Residential Training, Contract for the Provision of Residential Training, Contract for the Provision of Residential Training
Audit and Testing. 4.1 5.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 5.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 5.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the testsGoods and/or Services.
4.4 5.4 Where any Security Test carried out pursuant to paragraphs 4.2 5.2 or 4.3 5.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.124.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the HMG Security Policy Framework or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4paragraph, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 7 contracts
Samples: Contract for the Provision of Services, Contract for the Provision of Vessel Monitoring System (Vms) Devices, Contract for Services
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [ValSug annual] basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 7 contracts
Samples: Support Agreement, Provision of in Work Support for 18 24 Year Olds Services, Provision of It Skills for Work With Jobsearch Support Services
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [annual] basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 . The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 . Without prejudice to any other right of audit or access granted to the Authority pursuant to this ContractAgreement, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 . Where any Security Test carried out pursuant to paragraphs 4.2 14.3 or 4.3 14.4 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.1213.5.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 414, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements. COMPLIANCE WITH ISO/IEC 27001 [The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Agreement.] [If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts.] The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits. If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part. If, as a result of any such independent audit as described in paragraph 15.5 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit. BREACH OF SECURITY Either party shall notify the other immediately upon becoming aware of any Breach of Security including, but not limited to an actual, potential or attempted breach, or threat to, the Security Plan. Upon becoming aware of any of the circumstances referred to in paragraph 16.2, the Contractor shall: immediately take all reasonable steps necessary to: remedy such breach or protect the Contractor System against any such potential or attempted breach or threat; and prevent an equivalent breach in the future. Such steps shall include any action or changes reasonably required by the Authority. In the event that such action is taken in response to a breach that is determined by the Authority acting reasonably not to be covered by the obligations of the Contractor under this Agreement, then the Contractor shall be entitled to refer the matter for agreement in accordance with any procedures for handling contract change set out in the General Conditions; and as soon as reasonably practicable provide to the Authority full details (using such reporting mechanism as may be specified by the Authority from time to time) of such actual, potential or attempted breach and of the steps taken in respect thereof. APPENDIX 1 APPENDIX 2 PURPOSE OF THIS SCHEDULE This schedule sets out the Authority's requirements for ensuring continuity of the business processes and operations supported by the Services in circumstances of Service disruption or failure and for restoring the Services through business continuity and as necessary disaster recovery procedures. It also includes the requirement on the Contractor to develop, review, test, change, and maintain a BCDR Plan in respect of the Services. The BCDR Plan shall be divided into three parts: Part A which shall set out general principles applicable to the BCDR Plan ("General Principles"). Part B which shall relate to business continuity ("Business Continuity Plan"); and Part C which shall relate to disaster recovery ("Disaster Recovery Plan"); and The BCDR Plan shall detail the processes and arrangements which the Contractor shall follow to ensure continuity of the business processes and operations supported by the Services following any failure or disruption of any element of the Services and the recovery of the Services in the event of a Disaster. DEVELOPMENT OF BCDR PLAN The BCDR Plan shall unless otherwise required by the Authority in writing, be based upon and be consistent with the provisions of paragraphs 19, 4and 21 of this schedule 2 (Business Continuity and Disaster Recovery Provisions). The Contractor shall ensure that its Sub-contractors' disaster recovery and business continuity plans are integrated with the BCDR Plan.
Appears in 6 contracts
Samples: The Provision of Planned Preventative and Reactive Maintenance Northern Region, Contract for the Provision of Services, Contract for the Provision of Services
Audit and Testing.
4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 6 contracts
Samples: Provision Agreement, Service Agreement, Provision of Career Re Launch Services
Audit and Testing. 4.1 6.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 6.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 6.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the testsGoods and/or Services.
4.4 6.4 Where any Security Test carried out pursuant to paragraphs 4.2 6.2 or 4.3 6.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.125.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the HMG Security Policy Framework or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4paragraph, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 6 contracts
Samples: Framework Agreement, Framework Agreement, Framework Agreement
Audit and Testing.
4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 3 contracts
Samples: Employability Programme Contract, Contract for Services, Contract for Services
Audit and Testing. 4.1 The Contractor Service Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 Customer. The Authority Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor Service Provider shall provide the Authority Customer with the results of such tests (in a form approved by the Authority Customer in advance) as soon as practicable after completion of each Security Test.
4.3 . Without prejudice to any other right of audit or access granted to the Authority Customer pursuant to this Contract, the Authority Customer shall be entitled at any time and without giving notice to the Contractor Service Provider to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the ContractorService Provider's compliance with and implementation of the Security Plan. The Authority Customer may notify the Contractor Service Provider of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery of the Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor Service Provider shall be granted relief against any resultant under-performance for the period of the tests.
4.4 . Where any Security Test carried out pursuant to paragraphs 4.2 or and 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor Service Provider shall promptly notify the Authority Customer of any changes to the Security Plan (and the implementation thereof) which the Contractor Service Provider proposes to make in order to correct such failure or weakness. Subject to the AuthorityCustomer's approval Approval in accordance with paragraph 3.12, 3.4.3 the Contractor Service Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority Customer or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirementsSecurity Requirements, the change to the Security Plan shall be at no additional cost to the AuthorityCustomer. For the purposes of this paragraph 44.4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirementsSecurity Requirements.
Appears in 2 contracts
Samples: Ict Consultancy and Delivery Services Framework Agreement, Ict Consultancy and Delivery Services Framework Agreement
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [Insert - annual] basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 2 contracts
Samples: Self Efficacy Advocacy Support Service Agreement, Service Agreement
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the AuthorityClient.
4.2 The Authority Client shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority Client with the results of such tests (in a form approved by the Authority Client in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority Client pursuant to this Contract, the Authority Client shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority Client may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.1 or 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority Client of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the AuthorityClient's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority Client or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the AuthorityClient. For the purposes of this paragraph 44.4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 2 contracts
Samples: Av Support Agreement, Contract for Services
Audit and Testing. 4.1 5.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 5.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 5.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the testsGoods and/or Services.
4.4 5.4 Where any Security Test carried out pursuant to paragraphs 4.2 5.2 or 4.3 5.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.124.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-non- compliance with the HMG Security Policy Framework or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4paragraph, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 2 contracts
Samples: Contract for the Provision of Services, Contract for the Provision of Services
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Training Services Agreement
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 . The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 . Without prejudice to any other right of audit or access granted to the Authority pursuant to this the Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its his ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 . Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval Approval in accordance with paragraph 3.123.4.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements. The Contractor shall obtain independent certification of the Security Plan to ISO 27001 as soon as reasonably practicable and will maintain such certification for the duration of the Contract. If certain parts of the Security Policy do not conform to good industry practice as described in ISO 27002 and, as a result, the Contractor reasonably believes that its certification to ISO 27001 would fail in regard to these parts, the Contractor shall promptly notify the Authority of this and the Authority in its absolute discretion may waive the requirement for certification in respect of the relevant parts. The Contractor shall carry out such regular security audits as may be required by the British Standards Institute in order to maintain delivery of the Services in compliance with security aspects of ISO 27001 and shall promptly provide to the Authority any associated security audit reports and shall otherwise notify the Authority of the results of such security audits. If it is the Authority's reasonable opinion that compliance with the principles and practices of ISO 27001 is not being achieved by the Contractor, then the Authority shall notify the Contractor of the same and give the Contractor a reasonable time (having regard to the extent of any non-compliance and any other relevant circumstances) to become compliant with the principles and practices of ISO 27001. If the Contractor does not become compliant within the required time then the Authority has the right to obtain an independent audit against these standards in whole or in part. If, as a result of any such independent audit as described in paragraph 5.4 the Contractor is found to be non-compliant with the principles and practices of ISO 27001 then the Contractor shall, at its own expense, undertake those actions required in order to achieve the necessary compliance and shall reimburse in full the costs incurred by the Authority in obtaining such audit. Either party shall notify the other immediately upon becoming aware of any Breach of Security including, but not limited to an actual, potential or attempted breach, or threat to, the Security Plan. Upon becoming aware of any of the circumstances referred to in paragraph 6.1, the Contractor shall: immediately take all reasonable steps necessary to: remedy such breach or protect the Contractor System against any such potential or attempted breach or threat; and prevent an equivalent breach in the future. Such steps shall include any action or changes reasonably required by the Authority. In the event that such action is taken in response to a breach that is determined by the Authority acting reasonably not to be covered by the obligations of the Contractor under the Contract, then the Contractor shall be entitled to refer the matter to the change control procedures in accordance with Condition 44 (Variation). as soon as reasonably practicable provide to the Authority full details (using such reporting mechanism as may be specified by the Authority from time to time) of such actual, potential or attempted breach and of the steps taken in respect thereof. [Security Plan]Redacted re: Freedom of Information Act, Section 43 Commercial Interests. The Department for Work and Pensions treats its information as a valuable asset and considers that it is essential that information must be protected, together with the systems, equipment and processes which support its use. These information assets may include data, text, drawings, diagrams, images or sounds in electronic, magnetic, optical or tangible media, together with any Personal Data for which the Department for Work and Pensions is the Data Controller. In order to protect Departmental information appropriately, our suppliers must provide the security measures and safeguards appropriate to the nature and use of the information. All suppliers of services to the Department for Work and Pensions must comply, and be able to demonstrate compliance, with the Department’s relevant policies and standards. The Chief Executive or other suitable senior official of each supplier must agree in writing to comply with these policies and standards. Each supplier must also appoint a named officer who will act as a first point of contact with the Department for security issues. In addition all staff working for the supplier and where relevant sub-contractors, with access to Departmental IT Systems, Services or Departmental information must be made aware of these requirements and must comply with them. All suppliers must comply with the relevant Standards from the DWP Information Systems Security Standards. The Standards are based on and follow the same format as International Standard 27001, but with specific reference to the Department’s use. The following are key requirements and all suppliers must comply with relevant DWP policies concerning: Staff recruitment in accordance with government requirements for pre-employment checks; Staff training and awareness of Departmental security and any specific contract requirements.
Appears in 1 contract
Samples: Framework Agreement
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [annual] basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this ContractAgreement, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.123.4.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Maintenance and Support Agreement
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this ContractAgreement, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its his ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval Approval in accordance with paragraph 3.123.4.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Consultancy Agreement
Audit and Testing. 4.1 a) The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [annual] basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 b) The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 c) Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 d) Where any Security Test carried out pursuant to paragraphs 4.2 b or 4.3 c above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.123(d)iii, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Software License Agreement
Audit and Testing. 4.1 11.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [annual] basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 11.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 11.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this ContractAgreement, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 11.4 Where any Security Test carried out pursuant to paragraphs 4.2 11.2 or 4.3 11.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.1210.4.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 411, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Ict Services Agreement
Audit and Testing. 4.1 5.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 5.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advancean Approved form) as soon as practicable after completion of each Security Test.
4.3 5.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this the Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the testsServices.
4.4 5.4 Where any Security Test carried out pursuant to paragraphs 4.2 5.2 or 4.3 above 5.3 reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval Approval in accordance with paragraph 3.124.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy Framework or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4paragraph, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Contract for the Provision of Investment Expert Level Training Services
Audit and Testing. 4.1 5.1 The Contractor shall shall, at the written request of the Authority, conduct tests of the processes and countermeasures contained Security Policy in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance accordance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct provisions of the Security Policy relating to security testing and with any other testing procedures agreed between the parties (“Security Tests”). The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without 5.2 Subject to paragraphs 5.4 and 5.5, without prejudice to any other right of audit or access granted to the Authority pursuant to this ContractAgreement, the Authority shall be entitled at any time, from time to time and without giving notice to the Contractor to carry out such tests Security Tests (including penetration tests) as it may reasonably deem are necessary in relation order to the Security Plan and test the Contractor's compliance with with, and implementation of of, the Security PlanPolicy. The Authority may will, as soon as practicable, notify the Contractor of the results of security failure or weaknesses identified by such tests Security Tests after completion of each such test. Security Test.
5.3 Where the Authority reasonably considers that the Security Tests shall be designed and implemented so as to minimise the will detrimentally impact on the delivery Services, then the Authority shall provide the Contractor with reasonable advance notice of the Security Tests. The Contractor shall, as soon as reasonably possible after receipt of such notice, advise the Authority: (i) whether such Security Tests will, in its reasonable opinion, detrimentally affect the Services; and (ii) any possible activities that the Contractor may reasonably be able to undertake to mitigate any such effect on the Services. The parties will as soon as possible meet and discuss the same. If the parties fail to agree how the Security Tests should be held within 7 days of receipt of such tests impact adversely on its ability notice from the Authority, either party may refer the Dispute to deliver the Dispute Resolution Procedure.
5.4 Where the Authority provides no notice to the Contractor in accordance with paragraph 5.4 that it will be carrying out Security Tests, and the Services are detrimentally affected as a result of the carrying out of such tests, then, to the agreed extent that any such failure to perform or Service Levelsfailure has arisen as a result of the carrying out of such Security Tests, the Contractor Authority shall not be granted relief against entitled to any resultant under-performance for the period Service Credits in respect of the testsany relevant Service failure(s).
4.4 5.5 Where any Security Test carried out pursuant to paragraphs 4.2 paragraph 5.2 or 4.3 above 5.3 reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any the changes to the Security Plan Policy (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval agreement in accordance with paragraph 3.124.14, the Contractor shall implement such changes to the Security Plan Policy in accordance with the any timetable agreed with the Authority or, otherwiseif none, as soon as reasonably possiblepromptly. For the avoidance of doubt, where the change to the Security Plan Policy is required in order to address a non-compliance comply with the Security Policy or security requirementsAuthority Requirements in Schedule 2 (Authority Requirements), the change to the Security Plan Policy shall be at no additional cost to the Authority. For the purposes of this paragraph 4, 4 a weakness “weakness” means a vulnerability in security and a “potential security failure failure” means a possible breach of weakness for which an exploit is available in the Security Plan or security requirementspublic domain.
Appears in 1 contract
Samples: It Advisory Services Agreement
Audit and Testing. 4.1 a) The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [annual] basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 b) The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 c) Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-under- performance for the period of the tests.
4.4 d) Where any Security Test carried out pursuant to paragraphs 4.2 b or 4.3 c above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.123(d)iii, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual [annual] basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the AuthorityClient.
4.2 The Authority Client shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority Client with the results of such tests (in a form approved by the Authority Client in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority Client pursuant to this Contract, the Authority Client shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority Client may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.1 or 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority Client of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the AuthorityClient's approval in accordance with paragraph 3.120, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority Client or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the AuthorityClient. For the purposes of this paragraph 44.4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Av Support Agreement
Audit and Testing. 4.1 6.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 6.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 6.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver of the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the testsand/or Services.
4.4 6.4 Where any Security Test carried out pursuant to paragraphs 4.2 6.2 or 4.3 6.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.125.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the HMG Security Policy Framework or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4paragraph, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Framework Agreement
Audit and Testing.
4.1 The Contractor Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor Provider shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor Provider to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the ContractorProvider's compliance with and implementation of the Security Plan. The Authority may notify the Contractor Provider of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor Provider shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor Provider shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor Provider proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Call Off Terms and Conditions
Audit and Testing. 4.1 The Prime Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the AuthorityContracting Body.
4.2 The Authority Contracting Body shall be entitled to send a representative to witness the conduct of the Security Tests. The Prime Contractor shall provide the Authority Contracting Body with the results of such tests (in a form approved by the Authority Contracting Body in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority Contracting Body pursuant to this the Contract, the Authority Contracting Body shall be entitled at any time and without giving notice to the Prime Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Prime Contractor's compliance with and implementation of the Security Plan. The Authority Contracting Body may notify the Prime Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Prime Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Prime Contractor shall promptly notify the Authority Contracting Body of any changes to the Security Plan (and the implementation thereof) which the Prime Contractor proposes to make in order to correct such failure or weakness. Subject to the AuthorityContracting Body's approval in accordance with paragraph 3.12, the Prime Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority Contracting Body or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the AuthorityContracting Body. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Audit and Testing. 4.1 The Prime Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed notified in advance with to the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Prime Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advancestandard format) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this ContractAgreement, the Authority shall be entitled at any time time, and without on giving reasonable advance notice to the Contractor Prime Contractor, to carry out such tests (including excluding penetration tests) as it may deem reasonably necessary in relation to the Security Plan and the Prime Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Prime Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Prime Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs Paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Prime Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Prime Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval Approval in accordance with paragraph 3.12Paragraph 3.4.3, the Prime Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy Policy, see Appendix 1, or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph Paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Contract for the Provision of Simple Payment Services
Audit and Testing. 4.1 The Authority shall carry out a security review of the Suppliers premises and processes within the first 3 months of commencement date on a date agreed in advance with the Supplier and Authority.
4.2 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 4.3 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 4.4 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service LevelsContract Performance Targets, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 4.5 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 4.4 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Provision of Issue of Arrest Warrants With and Without Bail Services
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the AuthorityClient.
4.2 The Authority Client shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority Client with the results of such tests (in a form approved by the Authority Client in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority Client pursuant to this Contract, the Authority Client shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority Client may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.1 or 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority Client of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the AuthorityClient's approval in accordance with paragraph 3.120, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority Client or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the AuthorityClient. For the purposes of this paragraph 44.4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Av Support Agreement
Audit and Testing. 4.1 The Contractor shall shall, at the written request of the Authority, conduct tests of the processes and countermeasures contained Security Policy in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance accordance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct provisions of the Security Policy relating to security testing and with any other testing procedures agreed between the parties (“Security Tests”). The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without Test Subject to paragraphs 5.4 and 5.5, without prejudice to any other right of audit or access granted to the Authority pursuant to this ContractAgreement, the Authority shall be entitled at any time, from time to time and without giving notice to the Contractor to carry out such tests Security Tests (including penetration tests) as it may reasonably deem are necessary in relation order to the Security Plan and test the Contractor's compliance with with, and implementation of of, the Security PlanPolicy. The Authority may will, as soon as practicable, notify the Contractor of the results of security failure or weaknesses identified by such tests Security Tests after completion of each such testSecurity Test. Where the Authority reasonably considers that the Security Tests shall be designed and implemented so as to minimise the will detrimentally impact on the delivery Services. If such tests impact adversely on its ability to deliver , then the Services to the agreed Service Levels, Authority shall provide the Contractor shall be granted relief against any resultant under-performance for the period with reasonable advance notice of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Tests. The Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwiseshall, as soon as reasonably possiblepossible after receipt of such notice, advise the Authority: (i) whether such Security Tests will, in its reasonable opinion, detrimentally affect the Services; and (ii) any possible activities that the Contractor may reasonably be able to undertake to mitigate any such effect on the Services. For The parties will as soon as possible meet and discuss the avoidance same. If the parties fail to agree how the Security Tests should be held within 7 days of doubtreceipt of such notice from the Authority, where either party may refer the change Dispute to the Dispute Resolution Procedure. Where the Authority provides no notice to the Contractor in accordance with paragraph 5.4 that it will be carrying out Security Plan Tests, and the Services are detrimentally affected as a result of the carrying out of such tests, then, to address the extent that any such failure to perform or Service failure has arisen as a non-compliance with result of the carrying out of such Security Policy or security requirementsTests, the change Authority shall not be entitled to the Security Plan shall be at no additional cost to the Authority. For the purposes any Service Credits in respect of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirementsany relevant Service failure(s).
Appears in 1 contract
Audit and Testing. 4.1 The Contractor Consultant shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 Agency. The Authority Agency shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor Consultant shall provide the Authority Agency with the results of such tests (in a form approved by the Authority Agency in advance) as soon as practicable after completion of each Security Test.
4.3 . Without prejudice to any other right of audit or access granted to the Authority Agency pursuant to this ContractAgreement, the Authority Agency shall be entitled at any time and without giving notice to the Contractor Consultant to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the ContractorConsultant's compliance with and implementation of the Security Plan. The Authority Agency may notify the Contractor Consultant of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Consultancy Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service LevelsConsultancy Services, the Contractor Consultant shall be granted relief against any resultant under-performance for the period of the tests.
4.4 . Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above this Paragraph 3 reveals any actual or potential security failure or weaknesses, the Contractor Consultant shall promptly notify the Authority Agency of any changes to the Security Plan (and the implementation thereof) which the Contractor Consultant proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor The Consultant shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority Agency or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan is implemented to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the AuthorityAgency. For the purposes of this paragraph 4Paragraph 3, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Audit and Testing. 4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Partiesparties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.
Appears in 1 contract
Samples: Legal Services Framework Agreement
Audit and Testing.
4.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority.
4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Contractor shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test.
4.3 Without prejudice to any other right of audit or access granted to the Authority pursuant to this Contract, the Authority shall be entitled at any time and without giving notice to the Contractor to carry out such tests (including penetration tests) as it may deem necessary in relation to the Security Plan and the Contractor's compliance with and implementation of the Security Plan. The Authority may notify the Contractor of the results of such tests after completion of each such test. Security Tests shall be designed and implemented so as to minimise the impact on the delivery Services. If such tests impact adversely on its ability to deliver the Services to the agreed Service Levels, the Contractor shall be granted relief against any resultant under-performance for the period of the tests.
4.4 Where any Security Test carried out pursuant to paragraphs 4.2 or 4.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.the
Appears in 1 contract
Samples: Management Agreement