Common use of Application Security Clause in Contracts

Application Security.

7.1 Supplier will maintain a secure systems development life cycle process for Supplier’s systems that Process or store UKG Personal Data, including at a minimum: (a) evidence of a secure code review process; (b) perform periodic application penetration and vulnerability test executed by a specialized third party; (c) implement a procedure that results in timely resolution of all discovered critical, high and medium risk vulnerabilities; and (d) a security checkpoint in change management.

7.2 Supplier will apply patch management, vulnerability assessment, strong access control and system hardening measures in accordance with industry best practices.

7.3 Supplier will provide to UKG upon UKG’s request, evidence that periodic application penetration tests are performed and discovered vulnerabilities are remediated in a timely manner.

Appears in 4 contracts

Sources: Data Processing Agreement, Data Processing Addendum, Data Processing Agreement