Vulnerability management service Clause Samples

Vulnerability management service. 6.6.1.1 Scope 1721 The vulnerability management service shall cover the entire IT service portfolio for the FWC. 1722 The following tasks shall be performed in the scope of this service: 1723  Vulnerability monitoring (proactive security monitoring) 1724 o Continuous monitoring of different security sources of vulnerability information to 1725 identify new published software vulnerabilities. Also, active monitoring of new 1726 information5 related to older vulnerabilities which are still open (=not yet 1727 remediated). 1728 o Regular (at least quarterly) vulnerability checks, e.g. by performing vulnerability 1729 and network scans, for all the systems belong to IT service portfolio, including 1730 managed networks. Missing security patches, misconfiguration and obsolete 1731 technologies shall belong to the scope of the checks. 1732  Vulnerability analysis. All the vulnerabilities shall be analysed without delay. ECHA 1733 specific criticality and urgency of the remediation actions shall be assessed by 1734 contextualising the vulnerability in ECHA environment and by taking into account (other) 1735 security measures and compensating factors in place. The criticality and urgency 1736 assessment shall be updated if further information is disclosed 1737  A proposal for remediation actions (e.g. remediated as a part of the standard regular 1738 patching or by initiating an emergency patching, a configuration change as a standard or 1739 emergency change etc.) shall be prepared and clearly communicated to ECHA. In case 5 for example if an exploit to abuse the vulnerability is published or if there is a new malware widely spreading via this hole 1740 that a primary remediation action is not yet available or cannot be applied to a critical 1741 vulnerability (e.g. if a patch is not yet available), possible temporary mitigation actions 1742 shall be assessed and proposed 1743  Follow-up and metrics. The Contractor shall follow up the remediation actions and 1744 maintain a list of the open vulnerabilities. The Contractor shall adopt metrics on 1745 vulnerability management (e.g. number of open vulnerabilities or mitigation time for the 1746 critical vulnerabilities). Whenever the metrics reveal systematic issues, a root cause 1747 assessment shall be carried out according to the model for Problem Management defined 1748 in ITIL. 1749 6.6.1.2 Objectives 1750 The main objective of the service is to detect and remediate vulnerabilities that exist in the 1751 se...
View Source

Related to Vulnerability management service

  • Vulnerability Management BNY Mellon will maintain a documented process to identify and remediate security vulnerabilities affecting its systems used to provide the services. BNY Mellon will classify security vulnerabilities using industry recognized standards and conduct continuous monitoring and testing of its networks, hardware and software including regular penetration testing and ethical hack assessments. BNY Mellon will remediate identified security vulnerabilities in accordance with its process.

  • Project Management Services Contractor shall provide business analysis and project management services necessary to ensure technical projects successfully meet the objectives for which they were undertaken. Following are characteristics of this Service:

  • Construction Management Services a. A-E may be required to review and recommend approval of submittals, shop drawings, Request for Information (RFI) and/or calculations for temporary structures such as trench shoring, false work and other temporary structural forms. b. A-E may be required to review and advise the County Representative on the overall project schedule, including staging and completion dates, duration, milestones, and interfaces. Immediately notify Representative if the proposed work schedule does not conform to the contract documents, including the plans, specifications, and permits or that may require special inspection or testing, or work stoppage. c. Review on a monthly basis the project schedule and/or Critical Path Method (CPM) schedule submitted by the Construction Contractor. Make recommendations concerning the Construction Contractor’s adherence thereto. Recommend possible solutions to scheduling problems so as to complete the project on time, within budget, and in accordance with the contract drawings and specifications. d. Review scope of work and identify potential contract change orders. Prepare independent cost estimates for any changes resulting from design revisions or change in field conditions. Prepare and recommend for approval all contract change orders. e. Evaluate the merit of any potential claims or requests for equitable adjustment submitted by the Construction Contractor. Prepare analysis of potential claims include recommendations regarding settlement of the claims. f. Assist County staff in project related issues with other Agencies, or departments, engineering and material testing support firms, CEQA consultants, utilities agencies, etc. g. Assist in community outreach meetings and media relations h. Review for acceptance/approval of Storm Water Pollution Prevention Plan (SWPPP) in accordance with the general Permit of Discharges of Storm Water Associated with Construction Activity (Construction General Permit, including dewatering/diversion plans per the State’s DeMinimus Permit).

  • Infrastructure Vulnerability Scanning Supplier will scan its internal environments (e.g., servers, network devices, etc.) related to Deliverables monthly and external environments related to Deliverables weekly. Supplier will have a defined process to address any findings but will ensure that any high-risk vulnerabilities are addressed within 30 days.

  • Virus Management DST shall maintain a malware protection program designed to deter malware infections, detect the presence of malware within DST environment.