Common use of Vulnerability & Patch Management Clause in Contracts

Vulnerability & Patch Management. Supplier will, as applicable to the Services provided:

a. Conduct periodic vulnerability scanning and penetration tests on information systems and applications to identify security vulnerabilities.

b. Subscribe to an industry standard vulnerability service (e.g. Common Vulnerabilities and Exposures) and maintain alert status regarding any vulnerabilities contained in Supplier’s information systems and products.

c. Maintain procedures to evaluate, prioritize, and track the vulnerabilities based on a variety of factors such as:

   i. The severity rating assigned to the vulnerability by an industry standards body;

   ii. The criticality of the assets impacted by the vulnerability and their likelihood of exploitation; and

   iii. The classification and quantity of information which the vulnerability places at risk.

d. Patch or take other corrective actions to remediate known or discovered vulnerabilities in a commercially reasonable timeframe, giving greater priority to vulnerabilities with a higher severity rating based on the criteria outlined in Section 11(c).

Appears in 4 contracts

Samples: Master Collateral Agency and Intercreditor Agreement (Verizon Master Trust), Master Collateral Agency and Intercreditor Agreement (Verizon Master Trust), Transfer and Servicing Agreement (Verizon Master Trust)


Vulnerability & Patch Management. Supplier must:

a. Conduct periodic vulnerability scanning and penetration tests on information systems and applications to identify security vulnerabilities.

b. Subscribe to an Industry Standard vulnerability service (e.g. Common Vulnerabilities and Exposures) and maintain alert status regarding any vulnerabilities contained in Supplier’s information systems and products.

c. Maintain procedures to evaluate, prioritize, and track the vulnerabilities based on a variety of factors such as:

   i. The severity rating assigned to the vulnerability by an Industry Standards body;

   ii. The criticality of the assets impacted by the vulnerability and their likelihood of exploitation; and

   iii. The classification and quantity of information which the vulnerability places at risk.

d. Patch or take other corrective actions to remediate known or discovered vulnerabilities in a commercially reasonable timeframe, giving greater priority to vulnerabilities with a higher severity rating based on the criteria outlined in Section 11(c).

Appears in 4 contracts

Samples: Transfer and Servicing Agreement (Verizon Owner Trust 2020-C), Transfer and Servicing Agreement (Verizon Owner Trust 2020-C), Transfer and Servicing Agreement (Verizon Owner Trust 2020-B)
