Vulnerability and Risk Assessments Sample Clauses

Vulnerability and Risk Assessments. At least annually, Contractor shall perform vulnerability tests and assessments of all systems that contain City Data. For any of Contractor’s applications that process City Data, such testing must also include penetration tests using intercept proxies to identify security vulnerabilities that cannot be discovered using automated tools, and code review or other manual verifications to occur at least annually. Contractor recognizes and agrees that work performed under this agreement may be subject to City’s vulnerability disclosure program. Contractor shall work with City in good faith to mitigate any vulnerabilities discovered as part of any City vulnerability disclosure program. Contractor shall perform such mitigation within the timeline required pursuant to the vulnerability disclosure program and at no additional cost to City. Contractor shall further hold harmless any security researcher identified by City that alerts City to vulnerabilities in accordance with the process and requirements of City’s vulnerability disclosure program.
Sample 1Sample 2Sample 3See All (4)
AutoNDA by SimpleDocs
Vulnerability and Risk Assessments. At least annually, Contractor shall perform vulnerability tests and assessments of all systems that contain City Data. For any of Contractor’s applications that process City Data, such testing must also include penetration tests using intercept proxies to identify security vulnerabilities that cannot be discovered using automated tools, and code review or other manual verifications to occur at least annually.
Sample 1Sample 2Sample 3
Vulnerability and Risk Assessments. At least annually, Contractor shall perform vulnerability tests and assessments of all systems that contain City Data. Within sixty (60) days of attestation, Contractor shall provide the City with a written “Vulnerability and Risk Assessment Report” that describes the last vulnerability and risk assessment conducted within one year, including the methods and results. The Contractor shall provide the City with each annual report thereafter.
Sample 1

Related to Vulnerability and Risk Assessments

  • Risk Assessments a. Risk Assessment - DST shall, at least annually, perform risk assessments that are designed to identify material threats (both internal and external) against Fund Data, the likelihood of those threats Schedule 10.2 p.2 occurring and the impact of those threats upon DST organization to evaluate and analyze the appropriate level of information security safeguards (“Risk Assessments”). b. Risk Mitigation - DST shall use commercially reasonable efforts to manage, control and remediate threats identified in the Risk Assessments that it believes are likely to result in material unauthorized access, copying, use, processing, disclosure, alteration, transfer, loss or destruction of Fund Data, consistent with the Objective, and commensurate with the sensitivity of the Fund Data and the complexity and scope of the activities of DST pursuant to the Agreement. c. Security Controls Testing - DST shall, on approximately an annual basis, engage an independent external party to conduct a review (including information security) of DST’s systems that are related to the provision of services. DST shall have a process to review and evaluate high risk findings resulting from this testing.

  • Risk Assessment An assessment of any risks inherent in the work requirements and actions to mitigate these risks.

  • Periodic Risk Assessment Provider further acknowledges and agrees to conduct periodic risk assessments and remediate any identified security and privacy vulnerabilities in a timely manner.

  • Loss Assessment We will pay up to $1000 for your share of loss assessment charged during the policy period against you by a corporation or as- sociation of property owners, when the assess- ment is made as a result of:

  • Geological and archaeological finds It is expressly agreed that mining, geological or archaeological rights do not form part of this Agreement with the Contractor for the Works, and the Contractor hereby acknowledges that it shall not have any mining rights or interest in the underlying minerals, fossils, antiquities, structures or other remnants or things either of particular geological or archaeological interest and that such rights, interest and property on or under the Site shall vest in and belong to the Authority or the concerned Government Instrumentality. The Contractor shall take all reasonable precautions to prevent its workmen or any other person from removing or damaging such interest or property and shall inform the Authority forthwith of the discovery thereof and comply with such instructions as the concerned Government Instrumentality may reasonably give for the removal of such property. For the avoidance of doubt, it is agreed that any reasonable expenses incurred by the Contractor hereunder shall be reimbursed by the Authority. It is also agreed that the Authority shall procure that the instructions hereunder are issued by the concerned Government Instrumentality within a reasonable period.

  • Ergonomic Assessments ‌ At the request of the employee, the Employer will ensure that an ergonomic assessment of the employee’s workstation is completed. Solutions to identified issues will be implemented within available resources.

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Medical Records Retention Grantee shall retain medical records in accordance with 22 TAC §165.1(b) or other applicable statutes, rules and regulations governing medical information.

  • Searchability Offering searchability capabilities on the Directory Services is optional but if offered by the Registry Operator it shall comply with the specification described in this section. 1.10.1 Registry Operator will offer searchability on the web-­‐based Directory Service. 1.10.2 Registry Operator will offer partial match capabilities, at least, on the following fields: domain name, contacts and registrant’s name, and contact and registrant’s postal address, including all the sub-­‐fields described in EPP (e.g., street, city, state or province, etc.). 1.10.3 Registry Operator will offer exact-­‐match capabilities, at least, on the following fields: registrar id, name server name, and name server’s IP address (only applies to IP addresses stored by the registry, i.e., glue records). 1.10.4 Registry Operator will offer Boolean search capabilities supporting, at least, the following logical operators to join a set of search criteria: AND, OR, NOT. 1.10.5 Search results will include domain names matching the search criteria. 1.10.6 Registry Operator will: 1) implement appropriate measures to avoid abuse of this feature (e.g., permitting access only to legitimate authorized users); and 2) ensure the feature is in compliance with any applicable privacy laws or policies.

  • Needs Assessment The determination of whether the Annual Income of a family or individual occupying or seeking to occupy a Qualifying Unit complies with the requirements for Extremely Low-Income Households or Low- to Moderate-Income Households shall be made by the applicable housing authority in the CDBG-DR Program area prior to admission of such family or individual to occupancy of a Qualifying Unit.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!