Common use of Audit and Testing Clause in Contracts

Audit and Testing. 4.1 The Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority. 4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Provider shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test. 4.3 Where any Security Test carried out pursuant to paragraphs 4.2 above reveals any actual or potential security failure or weaknesses, the Provider shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Provider proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non- compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.

Audit and Testing. 4.1 The Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority. 4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Provider shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test. 4.3 Where any Security Test carried out pursuant to paragraphs 4.2 above reveals any actual or potential security failure or weaknesses, the Provider shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Provider proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non- compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.

Audit and Testing. 4.1 The Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority. 4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Provider shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test. 4.3 Where any Security Test carried out pursuant to paragraphs 4.2 above reveals any actual or potential security failure or weaknesses, the Provider shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Provider proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non- non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.

Audit and Testing. 4.1 The Provider Potential Supplier shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority. 4.2 The Authority shall be entitled to send a representative to witness the conduct of the Security Tests. The Provider Potential Supplier shall provide the Authority with the results of such tests (in a form approved by the Authority in advance) as soon as practicable after completion of each Security Test. 4.3 Where any Security Test carried out pursuant to paragraphs 4.2 above reveals any actual or potential security failure or weaknesses, the Provider Potential Supplier shall promptly notify the Authority of any changes to the Security Plan (and the implementation thereof) which the Provider Potential Supplier proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 3.12, the Provider Potential Supplier shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non- non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.