Penetration and Vulnerability Testing Clause Samples

Penetration and Vulnerability Testing. Unless Broker-Dealer conducts continuous monitoring of its Information Systems to detect, on an ongoing basis, changes in such Information Systems that may create or indicate vulnerabilities, Broker-Dealer shall conduct: (a) Penetration Testing of its Information Systems at least annually; and (b) vulnerability assessments at least bi-annually, including any systematic scans or reviews of its Information Systems reasonably designed to identify publicly known cybersecurity vulnerabilities.
Penetration and Vulnerability Testing.
15.1 The whole environment is tested every 6 (six) months. If Customer has taken the option of Company’s Managed Firewall Service a report will be made available to Customer.
15.2 If Customer wishes to undertake their own testing, Customer must:
    15.2.1 provide at least 48 hours’ notice to Company;
    15.2.2 be undertaken by a National Cyber Security Centre approved penetration testing company under the CHECK scheme, or any successor to that scheme.
15.3 Company will undertake a vulnerability scan of Customer’s Virtual Instances each quarter and make the results available to Customer.