Security Testing. The Supplier shall conduct Security Tests from time to time (and at least annually across the scope of the ISMS) and additionally after any change or amendment to the ISMS (including security incident management processes and incident response plans) or the Security Management Plan. Security Tests shall be designed and implemented by the Supplier so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Customer. Subject to compliance by the Supplier with the foregoing requirements, if any Security Tests adversely affect the Supplier’s ability to deliver the Services so as to meet the Service Level Performance Measures, the Supplier shall be granted relief against any resultant under-performance for the period of the Security Tests. The Customer shall be entitled to send a representative to witness the conduct of the Security Tests. The Supplier shall provide the Customer with the results of such Security Tests (in a form approved by the Customer in advance) as soon as practicable after completion of each Security Test. Without prejudice to any other right of audit or access granted to the Customer pursuant to this Call Off Contract, the Customer and/or its authorised representatives shall be entitled, at any time upon giving reasonable notice to the Supplier, to carry out such tests (including penetration tests) as it may deem necessary in relation to the ISMS and the Supplier's compliance with the ISMS and the Security Management Plan. The Customer may notify the Supplier of the results of such tests after completion of each such test. If any such Customer’s test adversely affects the Supplier’s ability to deliver the Services so as to meet the Target Performance Levels, the Supplier shall be granted relief against any resultant under-performance for the period of the Customer’s test. 
Where any Security Test carried out pursuant to paragraphs 100.2 or 100.3 of this Call Off Schedule reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Supplier shall promptly notify the Customer of any changes to the ISMS and to the Security Management Plan (and the implementation thereof) which the Supplier proposes to make in order to correct such failure or weakness. Subject to the Customer's prior written Approval, the Supplier shall implement such changes ...
Security Testing. Flexera has arranged for all testing as detailed in this Section below to be undertaken by an independent third party.
a. Flexera, through its contractors, will perform penetration testing on Flexera’s systems no more than once every twelve (12) months. If the penetration testing conducted discovers vulnerabilities in Flexera’s systems, Flexera will, to the extent that such vulnerabilities result in an inability to materially comply with this Schedule, remediate such vulnerabilities and re-perform the penetration testing focusing on those vulnerabilities discovered from the initial penetration testing. Upon receipt of a written request, Flexera will make available the penetration testing executive summary report to Customer.
b. Flexera will, upon request, provide mutually agreed metrics at an agreed frequency to Customer to illustrate the performance of the testing schedule.
Security Testing. Xxxxxxxx has arranged for all testing as detailed in this Section below to be undertaken by an independent third party.
a. Revenera, through its contractors, will perform penetration testing on Revenera’s systems no more than once every twelve
Security Testing. 5.1 During the performance of Services under the Agreement, Processor shall engage, at its own expense and at least one time per year, a third party vendor (“Testing Company”) to perform penetration and vulnerability testing (“Security Tests”) with respect to Processor’s systems containing and/or storing Personal Data.
5.2 The objective of such Security Tests shall be to identify design and/or functionality issues in applications or infrastructure of the Processor systems containing and/or storing Personal Data, which could expose Controller’s assets to risks from malicious activities. Security Tests shall probe for weaknesses in applications, network perimeters or other infrastructure elements as well as weaknesses in process or technical countermeasures relating to the Processor systems containing and/or storing Personal Data that could be exploited by a malicious party.
5.3 Security Tests shall identify, at a minimum, the following security vulnerabilities: invalidated or un-sanitized input; broken or excessive access controls; broken authentication and session management; cross-site scripting (XSS) flaws; buffer overflows; injection flaws; improper error handling; insecure storage; common denial of service vulnerabilities; insecure or inconsistent configuration management; improper use of SSL/TLS; proper use of encryption; and anti-virus reliability and testing.
5.4 Within a reasonable period after the Security Test has been performed, Processor shall remediate the issues (if any) identified and subsequently engage, at its own expense, the Testing Company to perform a revalidation Security Test to ensure resolution of identified security issues. Results thereof shall be made available to the Controller upon request.
Security Testing.
• SSAE 16 Service Organization Control (SOC 2 and 3) Type II audits completed annually by a third party.
• Global network penetration test conducted annually. Penetration test results are considered SAS’ Confidential Information.
• Penetration tests performed for new and significantly-changed production applications that are exposed to the Internet.
Security Testing. Whimsical shall regularly test, assess and evaluate the effectiveness of the security measures set forth in Appendix 1.
Security Testing. The Contractor shall perform a series of steps to verify the security of applications to be defined. The Contractor is expected to:
Security Testing. Examination of The System, directly or indirectly through interfaces to which Yahoo, its agents, and/or Yahoo Affiliates have access without the need for Partner coordination, by manual interaction with or automated test cases that can identify and/or diagnose, or are intended to identify and/or diagnose, Security Issues.
[***] Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions.
Homes for Sale Partnership
The System: Any and all components owned, operated, or provided by Partner or on behalf of Partner, that are involved in receiving, delivering or storing data required to perform Partner’s obligations under the Business Agreement, including, but not limited to, the applicable networks, databases, software, computer systems, backups, devices, processes, documentation, data, and physical premises.
Yahoo Affiliate: Any partnership, limited liability company, corporation, or other entity that, directly or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with Yahoo or in which Yahoo! owns an ownership interest of twenty percent (20%) or more.
Security Testing a. Yahoo, its agents, and/or Yahoo Affiliates, in its sole discretion, has the right at any time to perform remote Security Testing of The System, excluding physical premises. Such Security Testing does not include actions (e.g., penetration testing) that could reasonably be anticipated to cause material harm or damage to The System or materially impair its performance. Security Testing may result in the identification of Security Issues.
b. Upon Yahoo’s request, Partner will promptly white list IP addresses provided by Yahoo to allow accurate Security Testing to occur.
c. Partner will not impede Yahoo, its agents, and/or Yahoo Affiliates from performing Security Testing; provided, however, that if Partner reasonably believes the Security Testing will cause material harm or damage to The System or materially impair its performance, Partner will (a) take the minimum action necessary to prevent or mitigate such harm or damage; (b) if applicable, contact Yahoo immediately and explain the nature of the harm or damage that occurred; and (c) work with Yahoo so that Security Testing can occur without inflicting material harm or damage to The System or its performance.
Security Testing. The vendor shall perform a series of steps to verify the security of applications to be defined. The vendor is expected to:
1. Look for vulnerabilities at various layers of the target environment. In the lowest layer, the vendor’s testing team will look for flaws in the target network environment, including any routers and firewalls designed to control access to the web server and related target components. The team will attempt to determine whether such filters provide adequate protection at the network layer of the target hosts that the team can reach across the Internet.
2. Look for flaws in the Internet-accessible hosts associated with the target infrastructure, including the web server. This host-based component of the test will analyze which network-accessible services are available on the target hosts across the Internet, including the web server process. The testing team will look for incorrect configuration, unpatched or enabled services, and other related problems on the target hosts.
3. Use a combination of tools, utilities and methodologies to review the various points of potential security failure.
This review will include but not be limited to: