Penetration Testing Sample Clauses

Penetration Testing. For Computershare systems that host or process Customer Confidential Information, Computershare shall at least annually engage at its own expense a third party service provider for penetration testing and provide Customer with an executive overview of such testing. The method of test scoring and issue ratings shall follow standard industry practice, such as the latest Common Vulnerability Scoring System (CVSS) published by the US National Institute of Standards and Technology (NIST). For any material findings (critical, priority, or high risk), Computershare shall within thirty (30) days from its receipt of penetration test results produce a remediation plan detailing the actions and dates by when these security issues shall be fully resolved. Computershare’s failure to prepare and schedule a remediation plan within sixty (60) days of the penetration test report represents sufficient grounds for Customer to terminate the Agreement for cause.
AutoNDA by SimpleDocs
Penetration Testing. On at least an annual basis, Genesys will conduct a vulnerability assessment and penetration testing engagement with an independent qualified vendor. Issues identified during the engagement will be appropriately addressed within a reasonable time-frame commensurate with the identified risk level of the issue. Test results will be made available to Customer upon written request and will be subject to non-disclosure and confidentiality agreements.
Penetration Testing. Smartsheet uses external security experts to conduct penetration testing of certain Services, including the Subscription Service. Such testing will: (a) be performed at least annually; (b) be performed by independent third party security professionals at Smartsheet’s selection and expense; and (c) result in the generation of a penetration test report (“Pen Test Report”), which will be Smartsheet’s Confidential Information. Pen Test Reports will be made available to Customer upon written request no more than annually subject to the confidentiality obligations of the Agreement or a mutually-agreed non-disclosure agreement covering the Pen Test Report.
Penetration Testing. In addition to regular internal testing HTL contracts third party security organisations, at least annually, to perform penetration testing to identify vulnerabilities and remediation steps that will help to increase the security of the HTL service.
Penetration Testing. Sysdig, or an authorized third party on Sysdig’s behalf, conducts annual penetration testing of its SaaS Service to assess current threats and vulnerabilities. Each security concern is reviewed to determine if it is applicable, ranked based on risk, and assigned to the appropriate team for remediation.
Penetration Testing. Vendor shall test the security of its assets, systems and software used to store, process, transmit or maintain Confidential Information as frequently as necessary to confirm that system integrity and security are consistent with current leading industry accepted standards and practices. Vendor is responsible for and shall conduct penetration testing of its own products, assets, systems and software to identify and remediate vulnerabilities in its own environment and to communicate identified vulnerabilities and remediation steps to Customer based on current leading industry accepted penetration testing approaches. Vendor shall provide Customer with Vendor’s penetration test results as it relates to assets, systems and software used to store, process, transmit or maintain Confidential Information, including all relevant details regarding each vulnerability identified.
Penetration Testing. At least annually, Microsoft will conduct third party penetration testing against the Online Services, including evidence of data isolation among tenants in the multi-tenant Online Services. Upon request, Microsoft will provide Members with a summary report of the results of such penetration testing.
AutoNDA by SimpleDocs
Penetration Testing. At least ***, Acxiom will engage *** a third party security services provider to perform perimeter vulnerability and penetration testing of Acxiom’s external systems and databases. Acxiom will provide to D&B the “Statement of Opinion” issued to Acxiom by such third party provider following each such vulnerability and/or penetration test series, which shall be provided to D&B promptly upon its receipt by Acxiom. Additionally, Acxiom will itself perform regular vulnerability testing on external and internal devices connected to the Acxiom network supporting D&B. At least once each calendar quarter, or more frequently as D&B may reasonably request, the parties will include in the agenda for the meetings described in Section 11.2(b)(iii) above: (a) discussion of testing methodologies used by Acxiom, (b) identification of any requirements to modify such testing methodologies, in order to meet industry standards for testing, along with associated timeline(s) for inclusion of such modifications into the testing, and (c) a summary of the most current *** vulnerability scanning results, including but not limited to discussing scan results for portions of Acxiom systems that are dedicated to supporting only D&B. ***
Penetration Testing. You acknowledge that penetration testing services are intended to probe and exploit system weaknesses which can cause damage to vulnerable systems. You agree that Palo Alto Networks shall not be liable for any resulting damage and You are advised to fully back up systems and data and take other measures it deems appropriate given the volatile nature of penetration testing.
Penetration Testing. If any Services to be provided by Administrator include the hosting or support of one or more externally facing applications that can be used to access systems that store or process Confidential Information, the terms of this Section will apply. (a) At least once every 12 months during the term and promptly after any major changes being moved into production, Administrator will conduct a Valid Penetration Test (as defined below) on each application described above. As used herein, a “Valid Penetration Test” means a series of tests performed by third-party certified testing professional or a team of thirdparty certified professionals, which tests mimic real-world attack scenarios on the information system under test and include, without limitation, the following: (i) information-gathering steps and scanning for vulnerabilities; (ii) manual testing of the system for logical flaws, configuration flaws, or programming flaws that impact the system's ability to ensure the confidentiality, integrity, or availability of Service Recipient's information assets; (iii) system-compromise steps; (iv) escalation-of-privilege steps; and (v) assignment of a risk rating for each finding based on the level of potential risk exposure to Service Recipient's brand or information assets. (b) Upon Service Recipient's request, Administrator will review the results of the most recent Valid Penetration Test with Service Recipient and provide the following for Service Recipient's review: (i) the penetration test report (which may be redacted to ensure confidentiality of the technical details of the flaws in the system under test) showing the testing methodology used for performing the testing, which report will include information-gathering steps, vulnerability scanning, manual testing, system compromise, and escalation of privilege steps; and (ii) upon request, oral updates regarding timelines for remediation of any issues identified in the report and for other penetration-testing activity until the next annual review.
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!