Control of Technical Vulnerabilities and Penetration Testing Sample Clauses

Control of Technical Vulnerabilities and Penetration Testing. Supplier shall perform vulnerability scans at intervals consistent with industry best practices to identify potential technical vulnerabilities based on notification of ZERO day vulnerabilities. Supplier shall subscribe to industry recognized threat monitoring service. Once a potential technical vulnerability has been identified, Supplier shall identify the associated risks and the actions to be taken. Such action shall involve patching of vulnerable systems and/or applying other controls. Supplier shall define and establish the roles and responsibilities associated with technical vulnerability management, including vulnerability monitoring, vulnerability risk assessment, patching, asset tracking, and any coordination responsibilities required. Supplier shall agree in writing that prior to production the application will undergo vulnerability and source code analysis. Postproduction, Supplier shall perform contractually agreed upon security scans (with the most current signature files) to verify that the system has not been compromised during the testing phase. Supplier shall provide written documentation to UL Solutions of the results of the scans and tests along with a mitigation plan. Supplier shall agree in writing that these vulnerabilities shall be mitigated pursuant to the policies of each Customer entity.
Sample 1Sample 2See All (4)
Control of Technical Vulnerabilities and Penetration Testing. Supplier shall take timely action in response to the identification of potential technical vulnerabilities. Once a potential technical vulnerability has been identified, Supplier shall identify the associated risks and the actions to be taken. Such action shall involve patching of vulnerable systems and/or applying other controls. Supplier shall define and establish the roles and responsibilities associated with technical vulnerability management, including vulnerability monitoring, vulnerability risk assessment, patching, asset tracking, and any coordination responsibilities required. Supplier shall agree in writing that prior to production the application will undergo a vulnerability and penetration test. Postproduction, Supplier shall perform contractually agreed upon security scans (with the most current signature files) to verify that the system has not been compromised during the testing phase. Supplier shall provide written documentation to Buyer of the results of the scans and tests along with a mitigation plan. Supplier shall agree in writing that these vulnerabilities shall be mitigated within a pre-negotiated period.
Sample 1

Related to Control of Technical Vulnerabilities and Penetration Testing

  • Information Technology Accessibility Standards Any information technology related products or services purchased, used or maintained through this Grant must be compatible with the principles and goals contained in the Electronic and Information Technology Accessibility Standards adopted by the Architectural and Transportation Barriers Compliance Board under Section 508 of the federal Rehabilitation Act of 1973 (29 U.S.C. §794d), as amended. The federal Electronic and Information Technology Accessibility Standards can be found at: xxxx://xxx.xxxxxx-xxxxx.xxx/508.htm.

  • Substance Abuse Testing The Parties agree that it is in the best interest of all concerned to promote a safe working environment. The Union has no objection to pre-employment substance abuse testing when required by the Employer and further, the Union has no objection to voluntary substance abuse testing to qualify for employment on projects when required by a project owner. The cost and scheduling of such testing shall be paid for and arranged by the Employer. The Union agrees to reimburse the Employer for any failed pre-access Alcohol and Drug test costs.

  • Loop Testing/Trouble Reporting 2.1.6.1 Telepak Networks will be responsible for testing and isolating troubles on the Loops. Telepak Networks must test and isolate trouble to the BellSouth portion of a designed/non-designed unbundled Loop (e.g., UVL-SL2, UCL-D, UVL-SL1, UCL-ND, etc.) before reporting repair to the UNE Customer Wholesale Interconnection Network Services (CWINS) Center. Upon request from BellSouth at the time of the trouble report, Telepak Networks will be required to provide the results of the Telepak Networks test which indicate a problem on the BellSouth provided Loop. 2.1.6.2 Once Telepak Networks has isolated a trouble to the BellSouth provided Loop, and had issued a trouble report to BellSouth on the Loop, BellSouth will take the actions necessary to repair the Loop if a trouble actually exists. BellSouth will repair these Loops in the same time frames that BellSouth repairs similarly situated Loops to its End Users. 2.1.6.3 If Telepak Networks reports a trouble on a non-designed or designed Loop and no trouble actually exists, BellSouth will charge Telepak Networks for any dispatching and testing (both inside and outside the CO) required by BellSouth in order to confirm the Loop’s working status. 2.1.6.4 In the event BellSouth must dispatch to the end-user’s location more than once due to incorrect or incomplete information provided by Telepak Networks (e.g., incomplete address, incorrect contact name/number, etc.), BellSouth will xxxx Xxxxxxx Networks for each additional dispatch required to repair the circuit due to the incorrect/incomplete information provided. BellSouth will assess the applicable Trouble Determination rates from BellSouth’s FCC or state tariffs.

  • Abuse and Neglect of Children and Vulnerable Adults: Abuse Registry Party agrees not to employ any individual, to use any volunteer or other service provider, or to otherwise provide reimbursement to any individual who in the performance of services connected with this agreement provides care, custody, treatment, transportation, or supervision to children or to vulnerable adults if there has been a substantiation of abuse or neglect or exploitation involving that individual. Party is responsible for confirming as to each individual having such contact with children or vulnerable adults the non-existence of a substantiated allegation of abuse, neglect or exploitation by verifying that fact though (a) as to vulnerable adults, the Adult Abuse Registry maintained by the Department of Disabilities, Aging and Independent Living and (b) as to children, the Central Child Protection Registry (unless the Party holds a valid child care license or registration from the Division of Child Development, Department for Children and Families). See 33 V.S.A. §4919(a)(3) and 33 V.S.A. §6911(c)(3).

  • Selection of Subcontractors, Procurement of Materials and Leasing of Equipment The contractor shall not discriminate on the grounds of race, color, religion, sex, national origin, age or disability in the selection and retention of subcontractors, including procurement of materials and leases of equipment. The contractor shall take all necessary and reasonable steps to ensure nondiscrimination in the administration of this contract. a. The contractor shall notify all potential subcontractors and suppliers and lessors of their EEO obligations under this contract. b. The contractor will use good faith efforts to ensure subcontractor compliance with their EEO obligations.

  • Reasonable Suspicion Testing All Employees Performing Safety-Sensitive Functions A. Reasonable suspicion testing for alcohol or controlled substances may be directed by the Employer for any employee performing safety-sensitive functions when there is reason to suspect that alcohol or controlled substance use may be adversely affecting the employee’s job performance or that the employee may present a danger to the physical safety of the employee or another. B. Specific objective grounds must be stated in writing that support the reasonable suspicion. Examples of specific objective grounds include but are not limited to: 1. Physical symptoms consistent with alcohol and/or controlled substance use; 2. Evidence or observation of alcohol or controlled substance use, possession, sale, or delivery; or 3. The occurrence of an accident(s) where a trained manager, supervisor or lead worker suspects alcohol or other controlled substance use may have been a factor.

  • Random Drug Testing All employees covered by this Agreement shall be subject to random drug testing in accordance with Appendix D.

  • Random Testing Notwithstanding any provisions of the Collective Agreement or any special agreements appended thereto, section 4.6 of the Canadian Model will not be applied by agreement. If applied to a worker dispatched by the Union, it will be applied or deemed to be applied unilaterally by the Employer. The Union retains the right to grieve the legality of any imposition of random testing in accordance with the Grievance Procedure set out in this Collective Agreement.

  • Benchmarks for Measuring Accessibility For the purposes of this Agreement, the accessibility of online content and functionality will be measured according to the W3C’s Web Content Accessibility Guidelines (WCAG) 2.0 Level AA and the Web Accessibility Initiative Accessible Rich Internet Applications Suite (WAI-ARIA) 1.0 for web content, which are incorporated by reference.

  • Alcohol Testing Alcohol testing will be conducted by using an evidential breath testing device (EBT) approved by the National Highway Traffic Safety Administration. Non-EBT devices may be used for initial screening tests. A screening test will be conducted first. If the result is an alcohol concentration level of less than 0.02, the test is considered a negative test. If the alcohol concentration level is 0.02 or more, a second confirmation test will be conducted. Levels of .04 or greater on the confirmation test will be considered positive.