TECHNICAL SECURITY AUDITS ADDENDUM


Effective as of January 1, 2024 (Version Number: 45292)


All terms not defined herein shall have the meaning ascribed to them in the DAS Standard Incorporated Terms and Conditions.


Technical Security Audits – If the executed COF or Cybersecurity Bundled Package includes “Technical Security Audit” in any form, DAS will use reasonable commercial efforts to provide. 

  1. The Advanced Technical Security Audit or Technical Security Audit, as applicable, will be provided during each Calendar Year for which the audit was initially ordered, provided that there was a UFC paid, or (b) 12 months’ MSC has been paid or agreed to be paid, and there has been no default or late payments by Client
  2. Subject to the terms contained herein, the following services are included:
    1. a one-time Vulnerability Management Scan
    2. a one-time Penetration Test
    3. a one-time DAS Cybersecurity Expert Manual Review of security function areas (subject to change based on best security practices and recommended guidelines but will include over 60 specific function areas identified within the Client’s network)
    4. a Risk Ranked Vulnerability Report (up to 1 hour review)
    5. Service is to be considered one-time unless otherwise indicated on the COF as Annual
    6. If service is indicated to be annual, that audit will have priority scheduling and limited to 1 audit per calendar year.
  3. Subject to the terms contained herein, DAS will use reasonable commercial efforts to provide:
    1. a one-time Vulnerability Management Scan
    2. a Risk Ranked Vulnerability Report (up to 1 hour review)
    3. Service is to be considered on-time unless otherwise indicated on the COF as Annual
    4. If service is indicated to be annual, that audit will have priority scheduling and limited to 1 audit per calendar year.