Entity identifies vulnerabilities on the company platform through annual penetration testing exercise conducted by a qualified third party service provider.