Vulnerabilities and Corrective Action Sample Clauses

Vulnerabilities and Corrective Action. 10.1 The Authority and the Supplier acknowledge that from time to time vulnerabilities in the Information System will be discovered which unless mitigated will present an unacceptable risk to the Data. 10.2 The severity of threat vulnerabilities for Supplier COTS Software and Third Party COTS Software shall be categorised by the Supplier as ‘Critical’, ‘Important’ and ‘Other’ by aligning these categories to the vulnerability scoring according to the agreed method in the Information Risk Management Documentation and using the appropriate vulnerability scoring systems including: 10.2.1 the ‘National Vulnerability Database’ ‘Vulnerability Severity Ratings’: ‘High’, ‘Medium’ and ‘Low’ respectively (these in turn are aligned to CVSS as set out by NIST xxxx://xxx.xxxx.xxx/xxxx.xxx); and 10.2.2 Microsoft’s ‘Security Bulletin Severity Rating System’ ratings ‘Critical’, ‘Important’, and the two remaining levels (‘Moderate’ and ‘Low’) respectively. 10.3 The Supplier shall procure the application of security patches to vulnerabilities in the Information System within a maximum period from the public release of such patches with those vulnerabilities categorised as ‘Critical’ within 7 days of release, ‘Important’ within 30 days of release and all ‘Other’ within 60 Working Days of release, except where: 10.3.1 the Supplier can demonstrate that a vulnerability in the Information System is not exploitable within the context of the Services (e.g. because it resides in a software component which is not running in the service) provided vulnerabilities which the Supplier asserts cannot be exploited within the context of the Services must be remedied by the Supplier within the above timescales if the vulnerability becomes exploitable within the context of the Services; 10.3.2 the application of a ‘Critical’ or ‘Important’ security patch adversely affects the Supplier’s ability to deliver the Services in which case the Supplier shall be granted an extension to such timescales of 5 days, provided the Supplier had followed and continues to follow the security patch test plan agreed with the Authority; or 10.3.3 the Authority agrees a different maximum period after a case-by-case consultation with the Supplier under the processes defined in the Information Risk Management Documentation. 10.4 The Information Risk Management Documentation shall include provisions for major version upgrades of all Supplier Software and Third Party Software which are COTS Products to be kept up to da...
Vulnerabilities and Corrective Action. 7.1 The Authority and the Service Provider acknowledge that from time to time vulnerabilities in the Authority’s System, the Service Provider’s System and the Service Provider Solution will be discovered which unless mitigated will present an unacceptable risk to the Authority’s information, including Data. 7.2 The severity of threat vulnerabilities for the Services shall be categorised by using an appropriate vulnerability scoring systems including: (a) the ‘National Vulnerability Database’ ‘Vulnerability Severity Ratings’: ‘High’, ‘Medium’ and ‘Low’ respectively (these in turn are aligned to CVSS scores as set out by NIST xxxx://xxx.xxxx.xxx/xxxx.xxx); and/or (b) Microsoft’s ‘Security Bulletin Severity Rating System’ ratings ‘Critical’, ‘Important’, and the two remaining levels (‘Moderate’ and ‘Low’) respectively. 7.3 The Service Provider shall ensure the application of security patches to vulnerabilities in a timely and prioritised manner. 7.4 The Service Provider shall ensure all Service Provider COTS Software and Third Party COTS Software are upgraded within 6 months of the release of the latest version, such that it is no more than one major version level below the latest release (normally codified as running software no older than the ‘n-1 version’) throughout the Term. 
7.5 The Service Provider shall: (a) implement a mechanism for receiving, analysing and acting upon threat information supplied by NCSC, or any other competent Central Government Body; (b) ensure that the Authority’s System, the Service Provider’s System and the Service Provider Solution (to the extent that the Authority’s System, the Service Provider’s System and the Service Provider Solution is within the control of the Service Provider) is monitored to facilitate the detection of anomalous behaviour that would be indicative of system compromise; (c) ensure it is knowledgeable about the latest trends in threat, vulnerability and exploitation that are relevant to the Authority’s System, the Service Provider’s System and the Service Provider Solution by actively monitoring the threat landscape during the Term; (d) pro-actively scan the Authority’s System, the Service Provider’s System and the Service Provider Solution (to the extent that the Authority’s System, the Service Provider’s System and the Service Provider Solution is within the control of the Service Provider) for vulnerable components and address discovered vulnerabilities through the processes described in the Security Pla...
Vulnerabilities and Corrective Action. 9.1 The Authority and the Supplier acknowledge that from time to time vulnerabilities in the Information System will be discovered which unless mitigated will present an unacceptable risk to the Authority Data. 9.2 The severity of vulnerabilities for Supplier COTS Software and Third Party COTS Software shall be categorised by the Supplier as ‘Critical’, ‘Important’ and ‘Other’ by aligning these categories to the vulnerability scoring according to the agreed method in the Risk Management Documentation and using the appropriate vulnerability scoring systems including: 9.2.1 the ‘National Vulnerability Database’ ‘Vulnerability Severity Ratings’: ‘High’, ‘Medium’ and ‘Low’ respectively (these in turn are aligned to CVSS scores as set out by NIST at xxxx://xxx.xxxx.xxx/xxxx.xxx); and 9.2.2 Microsoft’s ‘Security Bulletin Severity Rating System’ ratings ‘Critical’, ‘Important’, and the two remaining levels (‘Moderate’ and ‘Low’) respectively. 9.3 Subject to Paragraph 9.4, the Supplier shall procure the application of security patches to vulnerabilities in the Core Information Management System within:
Vulnerabilities and Corrective Action. The Customer and the Supplier acknowledge that from time to time vulnerabilities in the “THE SERVICE” Information System will be discovered which unless mitigated will present an unacceptable risk to the “THE SERVICE” Data.

Related to Vulnerabilities and Corrective Action

  • Corrective Actions The Government will use its best efforts to ensure that each Covered Provider (i) takes, where necessary, appropriate and timely corrective actions in response to audits, (ii) considers whether the results of the Covered Provider’s audit necessitates adjustment of the Government’s records, and (iii) permits independent auditors to have access to its records and financial statements as necessary.

  • Corrective Action Despite its right to terminate this Agreement pursuant to this Article, the LHIN may choose not to terminate this Agreement and may take whatever corrective action it considers necessary and appropriate, including suspending Funding for such period as the LHIN determines, to ensure the successful completion of the Services in accordance with the terms of this Agreement.

  • Mitigation and Corrective Action Business Associate shall mitigate, to the extent practicable, any harmful effect that is known to it of an impermissible use or disclosure of PHI, even if the impermissible use or disclosure does not constitute a Breach. Business Associate shall draft and carry out a plan of corrective action to address any incident of impermissible use or disclosure of PHI. If requested by Covered Entity, Business Associate shall make its mitigation and corrective action plans available to Covered Entity. Business Associate shall require a Subcontractor to agree to these same terms and conditions.

  • Corrective Action Plans If the OAG finds deficiencies in XXXXXXX’s performance under this Grant Contract, the OAG, at its sole discretion, may impose one or more of the following remedies as part of a corrective action plan: increase of monitoring visits; require additional or more detailed financial and/or programmatic reports be submitted; require prior approval for expenditures; require additional technical or management assistance and/or make modifications in business practices; reduce the contract amount; and/or terminate this Grant Contract. The foregoing are not exclusive remedies, and the OAG may impose other requirements that the OAG determines will be in the best interest of the State.

  • Corrective Action Plan Within fifteen (15) Business Days following the establishment of the Joint Remediation Committee, the Purchasers, in consultation with the Sellers, shall prepare and submit to the Joint Remediation Committee an initial draft of the Corrective Action Plan. The parties shall work in good faith through the Joint Remediation Committee to finalize the Corrective Action Plan within fifteen (15) Business Days of the Purchasers’ submission of the initial draft of the Corrective Action Plan. At the end of such period, if the Sellers reasonably determine that the Corrective Action Plan proposed by the Purchasers (as may be modified over the course of such period) would not reasonably be expected to satisfactorily address the Major Default, then the Sellers may escalate the issue to the Head of Commercial Capital (or equivalent leader of any successor business unit) of the Seller Group and the Chief Executive Officer of the Bank Assets Purchaser (the “Senior Executives”) and the Senior Executives shall work collaboratively (including with the Joint Remediation Committee) to develop a mutually agreeable Corrective Action Plan within fifteen (15) Business Days.

  • Environmental and Safety Matters (a) The Company and its Subsidiaries have at all times complied in all material respects with all applicable Environmental and Safety Requirements, which compliance has included obtaining and complying in all material respects at all times with all material permits, licenses and other authorizations required pursuant to Environmental and Safety Requirements for the occupation of their facilities and the operation of their respective businesses. (b) Except as set forth in Section 4.27(b) of the Disclosure Schedule, since February 19, 2008, neither the Company nor any of its Subsidiaries has received any notice, report, order, or directive regarding any, and is not subject to any litigation, proceedings or order regarding any, actual or alleged violation of Environmental and Safety Requirements, or any liability or potential liability arising under Environmental and Safety Requirements, in effect prior to and as of the date of the applicable Closing, relating to the business, the Owned Real Property or Leased Real Property. (c) Except as set forth in Section 4.27(c) of the Disclosure Schedule, neither the Company nor any of its Subsidiaries has treated, stored, disposed of, arranged for or permitted the disposal of, transported, handled, released, or exposed any Person to, any substance (including without limitation any hazardous substance), owned or operated any property or facility which is or has been contaminated by any substance, so as to give rise to any current or future liabilities under any Environmental and Safety Requirements in effect at the time of such treatment, storage, disposal, transportation, handling, release or exposure. (d) Except as set forth in Section 4.27(d) of the Disclosure Schedule, neither the Company nor any of its Subsidiaries has assumed, undertaken, or provided any indemnity with respect to, any liability of any other Person relating to Environmental and Safety Requirements. 
(e) The Company has furnished to Investor true and correct copies of all environmental audits, reports, assessments and all other documents materially bearing on environmental, health or safety liabilities relating to the past or current operations or facilities of the Company and all of its Subsidiaries, in each case which are in its possession or under its reasonable control.

  • Proposed Corrective Action Plan Simultaneously with the submission of the Audit, the Recipient will submit to OCR for its review and approval a proposed Corrective Action Plan to address all inaccessible content and functionality identified during the Recipient’s Audit. The proposed Corrective Action Plan will set out a detailed schedule for: (1) addressing problems, taking into account identified priorities, with all corrective actions to be completed within 18 months of the date OCR approved the Corrective Action Plan; (2) setting up systems of accountability and verifying claims of accessibility by vendors or open sources; and setting up a system of testing and accountability to maintain the accessibility of all online content and functionality on an ongoing basis.

  • FLORIDA CONVICTED/SUSPENDED/DISCRIMINATORY COMPLAINTS By submission of an offer, the respondent affirms that it is not currently listed in the Florida Department of Management Services Convicted/Suspended/Discriminatory Complaint Vendor List.

  • Environmental and Safety Laws To its knowledge, the Company is not in violation of any applicable statute, law or regulation relating to the environment or occupational health and safety, and to its knowledge, no material expenditures are or will be required in order to comply with any such existing statute, law or regulation.

  • Hazardous Materials; Remediation (a) If any release or disposal of Hazardous Materials shall occur or shall have occurred on any real property or any other assets of any Borrower or any other Credit Party, such Borrower will cause, or direct the applicable Credit Party to cause, the prompt containment and removal of such Hazardous Materials and the remediation of such real property or other assets as is necessary to comply with all Laws and to preserve the value of such real property or other assets. Without limiting the generality of the foregoing, each Borrower shall, and shall cause each other Credit Party to, comply with each Law requiring the performance at any real property by any Borrower or any other Credit Party of activities in response to the release or threatened release of a Hazardous Material. (b) Borrower will provide Agent within thirty (30) days after written demand therefor with a bond, letter of credit or similar financial assurance evidencing to the reasonable satisfaction of Agent that sufficient funds are available to pay the cost of removing, treating and disposing of any Hazardous Materials or Hazardous Materials Contamination and discharging any assessment which may be established on any property as a result thereof, such demand to be made, if at all, upon Agent’s determination that the failure to remove, treat or dispose of any Hazardous Materials or Hazardous Materials Contamination, or the failure to discharge any such assessment could reasonably be expected to have a Material Adverse Change. (c) If there is any conflict between this Section 6.10 and any environmental indemnity agreement which is a Financing Document, the environmental indemnity agreement shall govern and control.
