Change and Configuration Management. Maintaining policies and procedures for managing changes Provider makes to production systems, applications, and databases. Such policies and procedures include: a) A process for documenting, testing and approving the patching and maintenance of the Service; b) A security patching process that requires patching systems in a timely manner based on a risk analysis; and c) A process for Provider to utilize a third party to conduct web application-level security assessments. These assessments generally include testing, where applicable, for: i) Cross-site request forgery ii) Services scanning iii) Improper input handling (e.g., cross-site scripting, SQL injection, XML injection, cross-site flashing) iv) XML and SOAP attacks v) Weak session management vi) Data validation flaws and data model constraint inconsistencies
Appears in 19 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Change and Configuration Management. Maintaining policies and procedures for managing changes Provider Workday makes to production systems, applications, and databasesdatabases processing Covered Data. Such policies and procedures include:
a) A process for documenting, testing and approving the patching and maintenance of the Covered Service;
b) A security patching process that requires patching systems in a timely manner based on a risk analysis; and
c) A process for Provider Workday to utilize a third party to conduct web application-application level security assessments. These assessments generally include testing, where applicable, for:
i) Cross-site request forgery
ii) Services scanning
iii) Improper input handling (e.g., e.g. cross-site scripting, SQL injection, XML injection, cross-site flashing)
iv) XML and SOAP attacks
v) Weak session management vi) Data validation flaws and data model constraint inconsistencies
Appears in 8 contracts
Samples: Universal Main Subscription Agreement, Universal Main Subscription Agreement, Universal Main Subscription Agreement
Change and Configuration Management. Maintaining policies and procedures for managing changes Provider makes to production systems, applications, and databases. Such policies and procedures include:
a) A process for documenting, testing and approving the patching and maintenance of the Service;
b) A security patching process that requires patching systems in a timely manner based on a risk analysis; and
c) A process for Provider to utilize a third party to conduct web application-level security assessments. These assessments generally include testing, where applicable, for:
i) Cross-site request forgery
ii) Services scanning
iii) Improper input handling (e.g., cross-site scripting, SQL injection, XML injection, cross-site flashing)
iv) XML and SOAP attacks
v) Weak session management vi) Data validation flaws and data model constraint inconsistencies
vii) Insufficient authentication
viii) Insufficient authorization
Appears in 4 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Change and Configuration Management. Maintaining policies and procedures for managing changes Provider Workday makes to production systems, applications, and databases. Such policies and procedures include:
a) A process for documenting, testing and approving the patching and maintenance of the Service;
b) A security patching process that requires patching systems in a timely manner based on a risk analysis; and
c) A process for Provider Workday to utilize a third party to conduct web application-application level security assessments. These assessments generally include testing, where applicable, for:
i) Cross-site request forgery
ii) Services scanning
iii) Improper input handling (e.g., e.g. cross-site scripting, SQL injection, XML injection, cross-site flashing)
iv) XML and SOAP attacks
v) Weak session management vi) Data validation flaws and data model constraint inconsistencies
Appears in 1 contract
Samples: Professional Services Agreement
