Cybersecurity Audits. At least once per Contract Year, Contractor shall conduct Contractor Site audits of the information technology and information security controls for applicable facilities primarily used for the SaaS Services in complying with its obligations under this Agreement, including obtaining a network-level vulnerability assessment performed by a recognized independent third-party audit firm based on recognized industry practices. For example, if a third-party facility is used, Contractor will make available any third-party audits of such facilities it has access to. Upon request by AOC or Customer, Contractor shall support any cybersecurity audits or penetration testing of the System. Upon AOC’s or Customer’s written request, Contractor shall make available to AOC for review the complete results of Contractor’s most current: Statement on Standards for Attestation Engagements No. 18 audit reports for Reporting on Controls at a Service Organization, Service Organization Controls Type 1, 2, or 3 audit reports, and any reports relating to its ISO/IEC 27001 certification. Contractor shall promptly address any exceptions noted on the SOC reports, or other audit reports, with the development and implementation of a Corrective Action Plan by Contractor.
Cybersecurity Audits. At least once per Contract Year, Contractor shall conduct Contractor Site audits of the information technology and information security controls for all facilities used in complying with its obligations under this Agreement, including obtaining a network-level vulnerability assessment performed by a recognized independent third-party audit firm based on recognized industry best practices. Upon request by AOC or Customer, Contractor shall support any cybersecurity audits or penetration testing of the System. Upon AOC’s or Customer’s written request, Contractor shall make available to AOC for review the complete results of Contractor’s most-current: Statement on Standards for Attestation Engagements No. 18 audit reports for Reporting on Controls at a Service Organization, Service Organization Controls Type 1, 2, or 3 audit reports, and any reports relating to its ISO/IEC 27001 certification. Contractor shall promptly address any exceptions noted on the SOC reports, or other audit reports, with the development and implementation of a Corrective Action Plan by Contractor.
Cybersecurity Audits. At least once per Contract Year, Contractor shall conduct an audit of its SaaS Services used in complying with its obligations under this Agreement, in accordance with the AICPA’s Statement on Standards for Attestation Engagements (“SSAE”) No. 18, Type 2. Contractor has attained, and will maintain, Type II SSAE compliance, or its equivalent, during the Term of this Agreement. Upon execution of a mutually agreeable Non-Disclosure Agreement (“NDA”), Contractor will provide OCA with a summary of the SSAE-18 compliance report or its equivalent. Every year thereafter, for so long as the NDA is in effect and in which OCA makes a written request, Contractor will provide that same information. Contractor conducts annual penetration testing of either the production network and/or web application to be performed. Contractor will maintain industry standard intrusion detection and prevention systems to monitor malicious activity in the network and to log and block any such activity. Contractor will provide OCA with a written or electronic record of the actions taken by Contractor in the event that any unauthorized access to OCA’s database(s) is detected as a result of Contractor’s security protocols. Contractor will undertake an additional security audit, on terms and timing to be mutually agreed to by the parties, at XXX’s written request. OCA may not attempt to bypass or subvert security restrictions in the SaaS Services or environments related to Contractor’s Software. Unauthorized attempts to access files, passwords or other confidential information, and unauthorized vulnerability and penetration test scanning of Contractor’s network and systems (hosted or otherwise) is prohibited without the prior written approval of Contractor’s IT Security Officer. MSA OCA Contract No. 212210180
Cybersecurity Audits a. If requested by the tenant, the Tenant and the Landlord shall work together to mutually agree a commercial and technical approach to jointly execute a cyber- security Audit of the Landlord building control and monitoring system(s) owned and operated by the Landlord. Parties to agree to make reasonable efforts to reach an agreement within a reasonable time after the execution of this Amendment. Upon execution of the Audit, any recommendations to improve/remedy the cyber security status of the Landlord building control and monitoring system(s) shall be considered by the Landlord, and where any serious vulnerabilities are identified the parties will agree on rectification measures required and allocation of these costs.
Cybersecurity Audits. At least once per Contract Year, Contractor shall conduct Contractor Site audits of the information technology and information security controls for all facilities used in complying with its obligations under this Agreement, including obtaining from an OCA- approved independent third-party audit firm either: (i) a network-level vulnerability assessment based on recognized industry practices; or (ii) certifications documenting that the subject facilities meet all requirements of this provision. Upon OCA’s or Customer’s written request, Contractor shall make available to OCA for review the complete results of Contractor’s current Statement on Standards for Attestation Engagements No. 18 audit reports for Reporting on Controls at a Service Organization, Service Organization Controls Type 1, 2, or 3 audit reports, and any reports relating to its ISO/IEC 27001 certification. Contractor shall use reasonable efforts to address any exceptions noted on the SOC reports, or other audit reports.
