Common use of Audit and Testing Clause in Contracts

Audit and Testing. 4.1 The Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with UK SBS. 4.2 UK SBS shall be entitled to send a representative to witness the conduct of the Security Tests. The Provider shall provide UK SBS with the results of such tests (in a form approved by UK SBS in advance) as soon as practicable after completion of each Security Test. 4.3 Where any Security Test carried out pursuant to paragraphs 4.2 above reveals any actual or potential security failure or weaknesses, the Provider shall promptly notify UK SBS of any changes to the Security Plan (and the implementation thereof) which the Provider proposes to make in order to correct such failure or weakness. Subject to UK SBS's approval in accordance with paragraph 3.12, the Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with UK SBS or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to UK SBS. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.

Audit and Testing. 4.1 The Provider shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with UK SBS. 4.2 UK SBS shall be entitled to send a representative to witness the conduct of the Security Tests. The Provider shall provide UK SBS with the results of such tests (in a form approved by UK SBS in advance) as soon as practicable after completion of each Security Test. 4.3 Where any Security Test carried out pursuant to paragraphs 4.2 above reveals any actual or potential security failure or weaknesses, the Provider shall promptly notify UK SBS of any changes to the Security Plan (and the implementation thereof) which the Provider proposes to make in order to correct such failure or weakness. Subject to UK SBS's approval in accordance with paragraph 3.12, the Provider shall implement such changes to the Security Plan in accordance with the timetable agreed with UK SBS or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-non- compliance with the Security Policy or security requirements, the change to the Security Plan shall be at no additional cost to UK SBS. For the purposes of this paragraph 4, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.