Vulnerability and Patch Management. Genesys will maintain a vulnerability management program based on industry standard practices that routinely assesses the Data Center environment. Routine network and server scans will be scheduled and completed on a regular basis. The scan results will be analyzed to confirm identified vulnerabilities, and remediation will be scheduled within a timeframe commensurate with the relative risk. Genesys will monitor a variety of vulnerability advisory services to ensure that newly identified vulnerabilities are appropriately evaluated for possible impact to the Genesys PureConnect Cloud Service. Critical and high-risk vulnerabilities will be promptly addressed following the patch management and change management processes.
Vulnerability and Patch Management. Genesys will maintain a vulnerability management program that ensures compliance with Industry Standards. Genesys will assess all critical vulnerabilities to the Cloud Services production environment for access/vector complexity, authentication, impact, integrity, and availability. If the resulting risk is deemed to be “Critical” to Customer Data by Genesys, Genesys will endeavour to patch or mitigate affected systems within 7 working days. Certain stateful systems cannot be patched as quickly due to interdependencies and customer impact but will be remediated as expeditiously as practicable.
Vulnerability and Patch Management. 1.1 For all Contractor Managed Systems that store Metro Government Information, Contractor will promptly address Vulnerabilities though Security Patches. Unless otherwise requested by Metro Government, Security Patches shall be applied within fourteen (14) days from its release for Critical Security Patches, thirty (30) days for Important Security Patches, and twelve (12) months for all other applicable Security Patches. Contractor may provide an effective technical mitigation in place of a Security Patch (if no Security Patch is available or if the Security Patch is incompatible) which doesn’t materially impact Metro Government’s use of the system nor require additional third party products.
1.2 If the application of Security Patches or other technical mitigations could impact the operation of Contractor Managed System, Contractor agrees to install patches only during Metro Government approved scheduled maintenance hours, or another time period agreed by Metro Government.
Vulnerability and Patch Management. Following receipt of any update release from the manufacturer, Brightcove will apply manufacturer-recommended security updates to all systems, devices, or applications Processing Personal Data within a reasonable period of time, taking into account the nature and severity of the risk. Brightcove will install, within a reasonable period of time following Brightcove’s receipt from the manufacturer, any software patches designated by manufacturers, vendors, or Brightcove as “critical”. Brightcove conducts regular vulnerability scans and penetration tests of any network storing or processing Personal Data and remediates any identified critical vulnerability in accordance with Brightcove’s defined remediation schedule.
Vulnerability and Patch Management. (a) The Distributor monitors and supervises the development of all software that is used to process the Confidential Information of the Trust and conducts an independent security review of its environment. The Distributor reviews and tests custom code that is used to process such Confidential Information to identify potential coding vulnerabilities in accordance with industry standard security practices. All documentation of such assessments and remediation actions taken are confidential and proprietary and not disclosed externally.
(b) Applications that are used to process the Confidential Information of the Trust are periodically scanned to detect vulnerabilities in static code or open source components and penetration tests are performed regularly (e.g., prior to releases, and at regular intervals if there are no releases). The Distributor employs a comprehensive software security assurance program (“SSAP”) that includes architectural risk reviews, secure code reviews, threat-based penetration testing, dynamic scanning in the quality assurance phase for all applications that process the Confidential Information of the Trust and a periodic security evaluation of all externally facing applications.
(c) Patch management and vulnerability remediation across the Distributor’s applications and infrastructure are based on an internal prioritized scoring model which uses the Common Vulnerability Scoring System (CVSS), information from internal vulnerability assessments, and internally provided risk/severity ratings of the underlying assets and applications. The scoring model is designed to decrease risk exposure in critical areas by prioritizing remediation based on the Distributor’s environment.
(d) If the Distributor identifies a weakness or vulnerability that could have a direct, material adverse impact on the Distributor’s ability to (i) perform its obligations under this Agreement, (ii) comply with applicable laws in connection with this Agreement, or (iii) meet the Distributor’s business continuity capabilities in connection with this Agreement (each a “Deficiency”), the Distributor shall, within a commercially reasonable time, provide high-level information about the potential impact of that Deficiency and its remediation plan. The Trust acknowledges that any Deficiency shall be remediated and verified by the Distributor’s own internal audit group that is independent from the division performing the obligations under this Agreement.
Vulnerability and Patch Management. Controls are in place to prevent and detect the introduction of malicious software and viruses into systems (Virus and Malware Management Policy).
Vulnerability and Patch Management. Following receipt of any update release from the manufacturer, Veset will apply manufacturer-recommended security updates to all systems, devices, or applications Processing Personal Data within a reasonable period of time, taking into account the nature and severity of the risk. Veset will install, within a reasonable period of time following Xxxxx’s receipt from the manufacturer, any software patches designated by manufacturers, vendors, or Veset as “critical”. Veset conducts regular vulnerability scans and penetration tests of any network storing or processing Personal Data and remediates any identified critical vulnerability in accordance with Xxxxx’s defined remediation schedule 4. Access Controls.
Vulnerability and Patch Management. Genesys will assess all critical vulnerabilities to the A3S AWS production environment for access/vector complexity, authentication, impact, integrity, and availability. If Genesys deems the resulting risk to be critical to Customer Data, Genesys will endeavour to patch or mitigate affected systems within fourteen calendar days.
Vulnerability and Patch Management. Maintain vulnerability management and regular application, operating system and other infrastructure patching procedures and technologies to identify, assess, mitigate, and protect against new and existing security vulnerabilities and threats, including viruses, bots, and other malicious code.
Vulnerability and Patch Management. Manufacturer will maintain a process to timely identify and remediate system, device, and application vulnerabilities through patches, updates, bug fixes, or other modifications to maintain the security of Amazon Information.
