Vulnerability Assessments. Voya will conduct monthly vulnerability assessments that meet the following criteria: (a) All production servers and network devices must be scanned at least monthly; (b) All vulnerabilities must be rated; (c) All vulnerability remediation must be prioritized based on risk; (d) All tools used for scanning must have signatures updated at least monthly with the latest vulnerability data; and, (e) Voya will implement and maintain a formal process for tracking and resolving issues in a timely fashion.
Appears in 3 contracts
Sources: Contract for Goods and Services, Employer Services Agreement, Contract for Goods and Services