Specifications include, but are not limited to:

1. Vendor shall supply all hosting equipment (hardware and software) required for performance of the contract and ensure maintenance and replacement as necessary to maintain compliance with the Service Level Agreement(s).
2. The vendor shall warrant all system/software to be delivered free of malware or other malicious or destructive code.
3. All application code should be written to comply with secure coding guidelines such as those of the Open Web Application Security Project (OWASP). Scans on custom code should be performed and reviewed to identify coding vulnerabilities prior to moving to production.
4. In the event of adverse risk findings through an audit or assessment, the vendor shall cooperate with the Commission in remediating any risks to the system, including complying with requests to temporarily take the system offline or otherwise limit access to the system during remediation if warranted.
5. Vendors must have a plan for compliance with all applicable breach notification laws, including Pennsylvania’s Breach of Personal Information Notification (73 P.S. Section 2301 et seq.).