Entity identifies vulnerabilities on the network through annual network testing exercise conducted by a qualified third party service provider