Security Vulnerability Management Sample Clauses

Security Vulnerability Management. Company shall maintain a vulnerability management program aiming to identify and remediate security vulnerabilities within computing systems. This includes regular testing and a record of system remediation. Toolsets used to identify vulnerabilities are maintained with up-to-date vulnerability signatures. Results of vulnerability testing are utilized to craft an annual penetration test of systems and networks perceived as high risk, high value, or demonstrating a need for further scrutiny. All newly deployed systems or systems that have experienced a high level of change will be scanned for vulnerabilities prior to Production. Highly orchestrated environments with appropriate change control may be exempt from pre- deployment scanning.
AutoNDA by SimpleDocs
Security Vulnerability Management. Scitara will operate a vulnerability management programme and capabilities that routinely identifies security risks, vulnerabilities, and issues with infrastructure, applications, systems, and processes used to support, store, process, and track the Software Services, Customer Data, and Usage Data. Further, Scitara shall remediate security risks, vulnerabilities, and issues within the terms set forth in B.11.1, B.11.2, and B.11.3. (a) Critical risk vulnerabilities, CVSS score of 9.0 or higher, shall be remediated within 7 calendar days or less, (b) High risk vulnerabilities, CVSS score of 7.0 to 8.9, shall be remediated within 30 calendar days or less, (c) Medium risk vulnerabilities, CVSS score of 4.0 to 6.9, shall be remediated within 60 days or less, and (d) Low risk vulnerabilities, CVSS score of 0.1 to 3.9, shall be remediated within 90 days or less.
Security Vulnerability Management. The Customer must ensure that all Customer Systems that store, transmit, or process Customer Data and Comtrac Data undergo vulnerability scans on a regular basis (at least once a month); and Immediately after any system change. If a vulnerability scan performed by the Customer reveals any vulnerabilities, the Customer must immediately take all steps to remediate such vulnerabilities and report to Comtrac, detailing the vulnerabilities and their remediation action taken as soon as practicable. Protection from Malware In the event that the Customer uses Customer software to access the Comtrac Services, the Customer must ensure no backdoor, time bomb, trojan horse or other computer software enables access to a third person not authorised by Comtrac. The Customer must use all reasonable endeavours to ensure that the Comtrac Services are not compromised by malware. The Customer must use anti-malware controls to help avoid malicious software gaining unauthorised access to Customer Data and Comtrac Data including malicious software originating from public networks. Denial of Service Protection The Customer must ensure that all Customer Systems and devices used to access and use the Comtrac Services are protected from Distributed Denial of Service (DDoS) and Denial of Service (DoS) attacks with appropriate technologies and solutions. Penetration Testing The Customer must engage an independent third party to perform (at its own expense) and as least once every 12 (twelve) months, penetration testing and ethical hacking activities on the Customer Systems (and solutions and software if applicable) used to access and use the Comtrac Services. Where the results of the penetration testing negatively and materially impact the Comtrac Services, the Customer shall notify Comtrac as soon as reasonably possible, making the relevant results of the testing available to Comtrac. The Customer and Comtrac shall agree on a plan to rectify the vulnerabilities with immediate effect, prioritised by criticality. Back-ups The Customer must document and implement a backup policy which takes daily copies of Customer Data and Customer Systems used in the acquisition and use of the Comtrac Services, including for system administration; Patching; and Change management to ensure that the Customer is able to determine the Customer database restore point for database rollback purposes. The following daily backups must be retained for at least three months: New and material changes; and Softwar...

Related to Security Vulnerability Management

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Security Management The Contractor shall comply with the requirements of the DOD 5200.1-M and the DD Form 254. Security of the Contractor’s electronic media shall be in accordance with the above documents. Effective Program Security shall require the Contractor to address Information Security and Operations Security enabled by the Security Classification Guides. The Contractor’s facility must be able to handle and store material up to the Classification Level as referenced in Attachment J-01, DD Form 254.

  • Virus Management DST shall maintain a malware protection program designed to deter malware infections, detect the presence of malware within DST environment.

  • Patch Management All workstations, laptops and other systems that process and/or 20 store PHI COUNTY discloses to CONTRACTOR or CONTRACTOR creates, receives, maintains, or 21 transmits on behalf of COUNTY must have critical security patches applied, with system reboot if 22 necessary. There must be a documented patch management process which determines installation 23 timeframe based on risk assessment and vendor recommendations. At a maximum, all applicable 24 patches must be installed within thirty (30) calendar or business days of vendor release. Applications 25 and systems that cannot be patched due to operational reasons must have compensatory controls 26 implemented to minimize risk, where possible.

  • Configuration Management The Contractor shall maintain a configuration management program, which shall provide for the administrative and functional systems necessary for configuration identification, control, status accounting and reporting, to ensure configuration identity with the UCEU and associated cables produced by the Contractor. The Contractor shall maintain a Contractor approved Configuration Management Plan that complies with ANSI/EIA-649 2011. Notwithstanding ANSI/EIA-649 2011, the Contractor’s configuration management program shall comply with the VLS Configuration Management Plans, TL130-AD-PLN-010-VLS, and shall comply with the following:

  • MANAGEMENT OF EVALUATION OUTCOMES 12.1 Where the Employer is, any time during the Employee’s employment, not satisfied with the Employee’s performance with respect to any matter dealt with in this Agreement, the Employer will give notice to the Employee to attend a meeting; 12.2 The Employee will have the opportunity at the meeting to satisfy the Employer of the measures being taken to ensure that his performance becomes satisfactory and any programme, including any dates, for implementing these measures; 12.3 Where there is a dispute or difference as to the performance of the Employee under this Agreement, the Parties will confer with a view to resolving the dispute or difference; and 12.4 In the case of unacceptable performance, the Employer shall – 12.4.1 Provide systematic remedial or developmental support to assist the Employee to improve his performance; and 12.4.2 After appropriate performance counselling and having provided the necessary guidance and/or support as well as reasonable time for improvement in performance, the Employer may consider steps to terminate the contract of employment of the Employee on grounds of unfitness or incapacity to carry out his or her duties.

  • SITE MANAGEMENT We reserve the right, but not the obligation, to: (1) monitor the Site for violations of these Terms of Use; (2) take appropriate legal action against anyone who, in our sole discretion, violates the law or these Terms of Use, including without limitation, reporting such user to law enforcement authorities; (3) in our sole discretion and without limitation, refuse, restrict access to, limit the availability of, or disable (to the extent technologically feasible) any of your Contributions or any portion thereof; (4) in our sole discretion and without limitation, notice, or liability, to remove from the Site or otherwise disable all files and content that are excessive in size or are in any way burdensome to our systems; and (5) otherwise manage the Site in a manner designed to protect our rights and property and to facilitate the proper functioning of the Site.

  • Quality Management Grantee will: 1. comply with quality management requirements as directed by the System Agency. 2. develop and implement a Quality Management Plan (QMP) that conforms with 25 TAC § 448.504 and make the QMP available to System Agency upon request. The QMP must be developed no later than the end of the first quarter of the Contract term. 3. update and revise the QMP each biennium or sooner, if necessary. Xxxxxxx’s governing body will review and approve the initial QMP, within the first quarter of the Contract term, and each updated and revised QMP thereafter. The QMP must describe Xxxxxxx’s methods to measure, assess, and improve - i. Implementation of evidence-based practices, programs and research-based approaches to service delivery; ii. Client/participant satisfaction with the services provided by Xxxxxxx; iii. Service capacity and access to services; iv. Client/participant continuum of care; and v. Accuracy of data reported to the state. 4. participate in continuous quality improvement (CQI) activities as defined and scheduled by the state including, but not limited to data verification, performing self-reviews; submitting self-review results and supporting documentation for the state’s desk reviews; and participating in the state’s onsite or desk reviews. 5. submit plan of improvement or corrective action plan and supporting documentation as requested by System Agency. 6. participate in and actively pursue CQI activities that support performance and outcomes improvement. 7. respond to consultation recommendations by System Agency, which may include, but are not limited to the following: i. Staff training; ii. Self-monitoring activities guided by System Agency, including use of quality management tools to self-identify compliance issues; and iii. Monitoring of performance reports in the System Agency electronic clinical management system.

  • Disease Management If you have a chronic condition such as asthma, coronary heart disease, diabetes, congestive heart failure, and/or chronic obstructive pulmonary disease, we’re here to help. Our tools and information can help you manage your condition and improve your health. You may also be eligible to receive help through our care coordination program. This voluntary program is available at no additional cost you. To learn more about disease management, please call (000) 000-0000 or 0-000-000-0000. Our entire contract with you consists of this agreement and our contract with your employer. Your ID card will identify you as a member when you receive the healthcare services covered under this agreement. By presenting your ID card to receive covered healthcare services, you are agreeing to abide by the rules and obligations of this agreement. Your eligibility for benefits is determined under the provisions of this agreement. Your right to appeal and take action is described in Appeals in Section 5. This agreement describes the benefits, exclusions, conditions and limitations provided under your plan. It shall be construed under and shall be governed by the applicable laws and regulations of the State of Rhode Island and federal law as amended from time to time. It replaces any agreement previously issued to you. If this agreement changes, an amendment or new agreement will be provided.

  • Workload Management 11.1 The parties to this Agreement acknowledge that employees and management have a responsibility to maintain a balanced workload and recognise the adverse affects that excessive workloads may have on employee/s and the quality of resident/client care. 11.2 To ensure that employee concerns involving excessive workloads are effectively dealt with by Management the following procedures should be applied: (a) Step 1: In the first instance, employee/s should discuss the issue with their immediate supervisor and, where appropriate, explore solutions. (b) Step 2: If a solution cannot be identified and implemented, the matter should be referred to an appropriate senior manager for further discussion. (c) Step 3: If a solution still cannot be identified and implemented, the matter should be referred to the Facility Manager for further discussion. (d) Step 4: The outcome of the discussions at each level and any proposed solutions should be recorded in writing and fed back to the effected employees. 11.3 Workload management must be an agenda item at staff meetings on at least a quarterly basis. Items in relation to workloads must be recorded in the minutes of the staff meeting, as well as actions to be taken to resolve the workloads issue/s. Resolution of workload issues should be based on the following criteria including but not limited to: (a) Clinical assessment of residents’ needs; (b) The demand of the environment such as facility layout; (c) Statutory obligation, (including, but not limited to, work health and safety legislation); (d) The requirements of nurse regulatory legislation; (e) Reasonable workloads (such as roster arrangements); (f) Accreditation standards; and (g) Budgetary considerations. 11.4 If the issue is still unresolved, the employee/s may advance the matter through Clause 9 Dispute Resolution Procedure. Arbitration of workload management issues may only occur by agreement of the employer and the employee representative, which may include the union/s.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!