Vulnerability Management and Patching. At least annually, Contractor shall perform at Contractor’s expense vulnerability tests and risk assessments of all systems that contain City Data. For Contractor’s internet perimeter network, and any of Contractor’s applications that process City Data, such testing must also include (i) penetration tests, including by use of intercept proxies to identify security vulnerabilities that cannot be discovered using automated tools, and (ii) code review or other manual verification. All tests must be performed by Contractor’s compliance team using industry recommended network security tools to identify vulnerability information. Upon written request from City, Contractor shall provide to City a Vulnerability Testing & Risk Assessment Report at the organization level including an executive summary of the results.
Appears in 5 contracts
Samples: Professional Services Agreement, Professional Services Agreement, Agreement
