Common use of Ongoing Security Testing Clause in Contracts

Ongoing Security Testing. Vendor will periodically test its systems for potential areas where security could be breached. During the term, to the extent Vendor engages a Third Party auditor to perform an SSAE 16 of Vendor’s operations, information security program, and/or disaster recovery/business continuity plan, Vendor shall promptly furnish a copy of the test report or audit report to OCIO. In addition, Vendor shall disclose its non-proprietary security processes and technical limitations to OCIO to enable OCIO to identify compensating controls necessary to adequately safeguard and protect Customer Data. For example, Vendor shall disclose its security processes with respect to virus checking and port sniffing to OCIO.

Ongoing Security Testing. Vendor will periodically test its systems for potential areas where security could be breached. During the term, to the extent Vendor engages a Third Party auditor to perform an SSAE 16 of Vendor’s operations, information security program, and/or disaster recovery/business continuity plan, plan for the applicable Services Vendor shall promptly furnish a copy of the test report or audit report to OCIO. In addition, Vendor shall disclose its non-proprietary security processes and technical limitations to OCIO to enable OCIO to identify compensating controls necessary to adequately safeguard and protect Customer Data. For example, Vendor shall disclose its security processes with respect to virus checking and port sniffing to OCIO.

Ongoing Security Testing. Vendor will periodically test its systems for potential areas where security could be breached. During the termTerm, to the extent Vendor engages a Third Party auditor to perform an SSAE 16 of Vendor’s operations, information security program, and/or disaster recovery/business continuity plan, Vendor shall promptly furnish a copy of the test report or audit report to OCIODOE. In addition, Vendor shall disclose its non-proprietary security processes and technical limitations to OCIO DOE to enable OCIO DOE to identify compensating controls necessary to adequately safeguard and protect Customer Data. For example, Vendor shall disclose its security processes with respect to virus checking and port sniffing to OCIODOE.