Common use of Audit and Testing Clause in Contracts

Audit and Testing. 5.1 The Contractor shall conduct tests of the processes and countermeasures contained in the Security Plan ("Security Tests") on an annual basis or as otherwise agreed by the Parties. The date, timing, content and conduct of such Security Tests shall be agreed in advance with the Authority. 5.2 The Contractor shall provide the Authority with a summary of results, or onsite access to the results of such tests (in a form agreed between the Contractor and the Authority in advance) on reasonable request. 5.3 On the Authority’s reasonable request, the Contractor shall carry out such tests (including penetration tests) as the Authority may reasonably require and which are agreed in writing by the Contractor in relation to the Security Plan. Security Tests shall be designed and implemented so as to minimise the impact on the delivery of the Goods and/or Services. 5.4 Where any Security Test carried out pursuant to paragraphs 5.2 or 5.3 above reveals any actual or potential security failure or weaknesses, the Contractor shall promptly notify the Authority of any changes affecting the Authority to the Security Plan (and the implementation thereof) which the Contractor proposes to make in order to correct such failure or weakness. Subject to the Authority's approval in accordance with paragraph 4.3, the Contractor shall implement such changes to the Security Plan in accordance with the timetable agreed with the Authority or, otherwise, as soon as reasonably possible. For the avoidance of doubt, where the change to the Security Plan to address a non-compliance with the HMG Security Policy Framework or security requirements, the change to the Security Plan shall be at no additional cost to the Authority. For the purposes of this paragraph, a weakness means a vulnerability in security and a potential security failure means a possible breach of the Security Plan or security requirements.