During the aforementioned assessments and monitoring, should vulnerabilities be identified by the Supplier or Postal Service, the supplier is responsible for remediating the vulnerabilities, at their expense, in a timeframe commensurate with the criticality.
