Common use of Penetration Tests Clause in Contracts

Penetration Tests. The Client may carry out penetration tests on the non-mutualized Services (the "Penetration Test(s)") under the conditions set out below. The Penetration Test(s) may be carried out by the Client or by a third party appointed by the Client, who is then responsible for carrying out the Penetration Test(s). In this case, the Client must ensure that the third-party accepts and complies with the conditions of this article and those of Article 13 (Confidentiality). The Client must obtain prior authorization from the Users of the perimeter targeted by the Penetration Test and inform them of its potential impact (notably unavailability of the Service and loss of data). The Client is solely responsible for the consequences of Penetration Tests on Services and Content. Penetration Tests must exclusively conducted on the Services used by the Client, and must not: (a) target elements and Infrastructures other than those used exclusively by the Client (in particular OVHcloud's Infrastructures, networks and shared services); (b) disrupt the proper operation of the Services, OVHcloud's Infrastructures and networks or have any impact whatsoever on Services provided to other Clients. Security measures on the Services remain active and may result in the Services being unavailable. At the end of a Penetration Test, a written audit report must be sent to OVHcloud (i) at its request, or (ii) if the Penetration Test has detected flaws or vulnerabilities. All information disclosed or collected as part of the Penetration Test (including the audit report) and concerning OVHcloud, is considered confidential within the meaning of Article 13 (Confidentiality).

Penetration Tests. The Client may carry out penetration tests on the non-mutualized Services (the "Penetration Test(s)") under the conditions set out below. The Penetration Test(s) may be carried out by the Client or by a third party appointed by the Client, who is then responsible for carrying out the Penetration Test(s). In this case, the Client must ensure that the third-party accepts and complies with the conditions of this article and those of Article 13 (Confidentiality). The Client must obtain prior authorization from the Users of the perimeter targeted by the Penetration Test and inform them of its potential impact (notably unavailability of the Service and loss of data). The Client is solely responsible for the consequences of Penetration Tests on Services and Content. Penetration Tests must exclusively conducted on the Services used by the Client, and must not: (a) target elements and Infrastructures other than those used exclusively by the Client (in particular OVHcloud's Infrastructures, networks and shared services); (b) disrupt the proper operation of the Services, OVHcloud's Infrastructures and networks or have any impact whatsoever on Services provided to other Clients. Security measures on the Services remain active and may result in the Services being unavailable. At the end of a an Penetration Test, a written audit report must be sent to OVHcloud (i) at its request, or (ii) if the Penetration Test has detected flaws or vulnerabilities. All information disclosed or collected as part of the Penetration Test (including the audit report) and concerning OVHcloud, is considered confidential within the meaning of Article 13 (Confidentiality).

Penetration Tests. The Client may carry out penetration tests on the non-mutualized Services (the "Penetration Test(s)") under the conditions set out below. The Penetration Test(s) may be carried out by the Client or by a third party appointed by the Client, who is then responsible for carrying out the Penetration Test(s). In this case, the Client must ensure that the third-party accepts and complies with the conditions of this article and those of Article 13 (Confidentiality). The Client must obtain prior authorization from the Users of the perimeter targeted by the Penetration Test and inform them of its potential impact (notably unavailability of the Service and loss of data). The Client is solely responsible for the consequences of Penetration Tests on Services and Content. Penetration Tests must be exclusively conducted on the Services used by the Client, Client and must not: (a) target elements and Infrastructures other than those used exclusively by the Client (in particular OVHcloud's Infrastructures, networks and shared services); (b) disrupt the proper operation of the Services, OVHcloud's Infrastructures and networks or have any impact whatsoever on Services provided to other Clients. Security measures on the Services remain active and may result in the Services being unavailable. At the end of a Penetration Test, a written audit report must be sent to OVHcloud (i) at its request, or (ii) if the Penetration Test has detected flaws or vulnerabilities. All information disclosed or collected as part of the Penetration Test (including the audit report) and concerning OVHcloud, is considered confidential within the meaning of Article 13 (Confidentiality).