Security Testing. The Service Provider shall: (a) conduct relevant Security Tests from time to time and (b) specifically conduct Security Tests required by the Cyber Security Requirements at such times as set out in the Cyber Security Requirements (and in both cases (a) and (b), not less frequently than annually). Security Tests shall be designed and implemented by the Service Provider so as to minimise the impact on the delivery of the Services and the date, timing, content and conduct of such Security Tests shall be agreed in advance with the Purchaser. Subject to compliance by the Service Provider with the foregoing requirements, if any Security Tests adversely affect the Service Provider’s ability to deliver the Services so as to meet the Service Levels, the Service Provider shall be granted relief against any resultant under-performance for the period of the Security Tests. The Service Provider shall provide the Purchaser with the results of such tests (in a form approved by the Purchaser in advance) as soon as practicable after completion of each Security Test. Where any Security Test carried out reveals any actual or potential Breach of Security or weaknesses (including un-patched vulnerabilities, poor configuration and/or incorrect system management), the Service Provider shall promptly notify the Purchaser of any changes to the Security Plan (and the implementation thereof) which the Service Provider proposes to make in order to correct such failure or weakness. Subject to the Purchaser's prior written approval, the Service Provider shall implement such changes to the Security Plan and repeat the relevant Security Tests in accordance with the timetable agreed with the Purchaser or, otherwise, as soon as reasonably possible. 
For the avoidance of doubt, where the change to the Security Plan is to address a non-compliance with the security requirements (as set out in Schedule 2 (Specification [and Service Levels] and/or elsewhere in the Contract)) or the requirements of this Schedule, the change to the Security Plan shall be at no cost to the Purchaser. If any repeat Security Test carried out pursuant to paragraph 5.3 reveals an actual or potential Breach of Security exploiting the same root cause failure, such circumstance shall be deemed to constitute a material Default that is capable of remedy. It shall also be deemed to be a Delay for the purposes of clause 24.3 (Rectification Plan) and be dealt with accordingly in terms of clause 24.3 (Rectification Plan).
Security Testing. Flexera has arranged for all testing as detailed in this Section below to be undertaken by an independent third party.
a. Flexera, through its contractors, will perform penetration testing on Flexera’s systems no more than once every twelve (12) months. If the penetration testing conducted discovers vulnerabilities in Flexera’s systems, Flexera will, to the extent that such vulnerabilities result in an inability to materially comply with this Schedule, remediate such vulnerabilities and re-perform the penetration testing focusing on those vulnerabilities discovered from the initial penetration testing. Upon receipt of a written request, Flexera will make available the penetration testing executive summary report to Customer.
b. Flexera will, upon request, provide mutually agreed metrics at an agreed frequency to Customer to illustrate the performance of the testing schedule.
Security Testing. 5.1 During the performance of Services under the Agreement, Processor shall engage, at its own expense and at least one time per year, a third party vendor (“Testing Company”) to perform penetration and vulnerability testing (“Security Tests”) with respect to Processor’s systems containing and/or storing Personal Data.
5.2 The objective of such Security Tests shall be to identify design and/or functionality issues in applications or infrastructure of the Processor systems containing and/or storing Personal Data, which could expose Controller’s assets to risks from malicious activities. Security Tests shall probe for weaknesses in applications, network perimeters or other infrastructure elements as well as weaknesses in process or technical countermeasures relating to the Processor systems containing and/or storing Personal Data that could be exploited by a malicious party.
5.3 Security Tests shall identify, at a minimum, the following security vulnerabilities: invalidated or un-sanitized input; broken or excessive access controls; broken authentication and session management; cross-site scripting (XSS) flaws; buffer overflows; injection flaws; improper error handling; insecure storage; common denial of service vulnerabilities; insecure or inconsistent configuration management; improper use of SSL/TLS; proper use of encryption; and anti-virus reliability and testing.
5.4 Within a reasonable period after the Security Test has been performed, Processor shall remediate the issues (if any) identified and subsequently engage, at its own expense, the Testing Company to perform a revalidation Security Test to ensure resolution of identified security issues. Results thereof shall be made available to the Controller upon request.
Security Testing.
• SSAE 16 Service Organization Control (SOC 2 and 3) Type II audits completed annually by a third party.
• Global network penetration test conducted annually. Penetration test results are considered SAS’ Confidential Information.
• Penetration tests performed for new and significantly-changed production applications that are exposed to the Internet.
Security Testing. Whimsical shall regularly test, assess and evaluate the effectiveness of the security measures set forth in Appendix 1.
Security Testing. Xxxxxxxx has arranged for all testing as detailed in this Section below to be undertaken by an independent third party.
a. Revenera, through its contractors, will perform penetration testing on Revenera’s systems no more than once every twelve
Security Testing. Examination of The System, directly or indirectly through interfaces to which Yahoo, its agents, and/or Yahoo Affiliates have access without the need for Partner coordination, by manual interaction with or automated test cases that can identify and/or diagnose, or are intended to identify and/or diagnose, Security Issues.
[***] Certain information has been omitted and filed separately with the Securities and Exchange Commission. Confidential treatment has been requested with respect to the omitted portions. Homes for Sale Partnership
The System: Any and all components owned, operated, or provided by Partner or on behalf of Partner, that are involved in receiving, delivering or storing data required to perform Partner’s obligations under the Business Agreement, including, but not limited to, the applicable networks, databases, software, computer systems, backups, devices, processes, documentation, data, and physical premises.
Yahoo Affiliate: Any partnership, limited liability company, corporation, or other entity that, directly or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with Yahoo or in which Yahoo! owns an ownership interest of twenty percent (20%) or more.
Security Testing. The Contractor shall perform a series of steps to verify the security of applications to be defined. The Contractor is expected to:
Security Testing. a. Yahoo, its agents, and/or Yahoo Affiliates, in its sole discretion, has the right at any time to perform remote Security Testing of The System, excluding physical premises. Such Security Testing does not include actions (e.g., penetration testing) that could reasonably be anticipated to cause material harm or damage to The System or materially impair its performance. Security Testing may result in the identification of Security Issues.
b. Upon Yahoo’s request, Partner will promptly white list IP addresses provided by Yahoo to allow accurate Security Testing to occur.
c. Partner will not impede Yahoo, its agents, and/or Yahoo Affiliates from performing Security Testing; provided, however, that if Partner reasonably believes the Security Testing will cause material harm or damage to The System or materially impair its performance, Partner will (a) take the minimum action necessary to prevent or mitigate such harm or damage; (b) if applicable, contact Yahoo immediately and explain the nature of the harm or damage that occurred; and (c) work with Yahoo so that Security Testing can occur without inflicting material harm or damage to The System or its performance.
Security Testing. The vendor shall perform a series of steps to verify the security of applications to be defined. The vendor is expected to:
1. Look for vulnerabilities at various layers of the target environment. In the lowest layer, the vendor’s testing team will look for flaws in the target network environment, including any routers and firewalls designed to control access to the web server and related target components. The team will attempt to determine whether such filters provide adequate protection at the network layer of the target hosts that the team can reach across the Internet.
2. Look for flaws in the Internet-accessible hosts associated with the target infrastructure, including the web server. This host-based component of the test will analyze which network-accessible services are available on the target hosts across the Internet, including the web server process. The testing team will look for incorrect configuration, unpatched or enabled services, and other related problems on the target hosts.
3. Use a combination of tools, utilities and methodologies to review the various points of potential security failure.
This review will include but not be limited to: