We are currently updating our General Terms of Purchase agreement and my team was asked if we wanted to add any cybersecurity clauses in. I have never seen a cybersecurity clause in one of these; the only thing even close is usually the confidentiality clause about having in place technical measures to protect confidential information.
What I would like to do is add a clause for being able to request a pentesting report of their systems each year. Has anyone done this, and if so, what language did you use in the agreement? Or does anyone have a link where I can find some examples so I can come up with something myself? Also, are there any pitfalls I should be worried about in doing this?