The purpose of this document is to communicate the Accenture Products & Platforms (APP) organization’s policy with regards to the distribution of security vulnerability patches for APP software products. This document will communicate APP's processes and requirements for handling known security vulnerabilities, subsequent patching of such security vulnerabilities and the scope of support for security vulnerabilities. The policy will be adaptive to the needs of the marketplace and may be updated periodically as applicable. Accenture clients are ultimately responsible for applying any security vulnerability patches that are made available by Accenture for its supported software and for ensuring that they implement their own secure processes and standard industry practices related to the overall security of their IT environment where Accenture licensed software products are installed.
Accenture licenses and supports APP software products pursuant to Accenture standard license terms and conditions. This security policy is incorporated into Accenture’s standard license terms and conditions and clients are expected to adhere to this policy to receive the security patches from Accenture covered by this policy.
All APP software products are designed to comply with the security vulnerability patch outlines in this document prior to being made Generally Available (“GA”) to our licensed and supported clients. There may be instances where Accenture or those clients identify a new security vulnerability after a product was made Generally Available. When such security vulnerability is identified and reproduced by Accenture, Accenture will make commercially reasonable efforts to develop a remediation plan to remediate such security vulnerability and publish security patches for the current release of the product and where applicable, to prior supported releases of the product as described in the next section:
APP security scope, approach, remediation & communication