Penetration Testing. For Computershare systems that host or process Customer Confidential Information, Computershare shall at least annually engage at its own expense a third party service provider for penetration testing and provide Customer with an executive overview of such testing. The method of test scoring and issue ratings shall follow standard industry practice, such as the latest Common Vulnerability Scoring System (CVSS) published by the US National Institute of Standards and Technology (NIST). For any material findings (critical, priority, or high risk), Computershare shall within thirty (30) days from its receipt of penetration test results produce a remediation plan detailing the actions and dates by when these security issues shall be fully resolved. Computershare’s failure to prepare and schedule a remediation plan within sixty (60) days of the penetration test report represents sufficient grounds for Customer to terminate the Agreement for cause.
Appears in 18 contracts
Samples: Transfer Agency and Service Agreement (Blackrock Muniassets Fund, Inc.), Transfer Agency and Service Agreement, Transfer Agency and Service Agreement (Blackrock Credit Allocation Income Trust)