External and internal vulnerability scanning is available to provide you with a better picture of assumed risks. These scans are designed to meet the requirements of state law and to help your organization resolve any unknown vulnerabilities. Penetration testing is provided through third-party contracts.