Mechanisms exist to perform quarterly external vulnerability scans (outside the organization's network looking inward) via a reputable vulnerability service provider, which include rescans until passing results are obtained or all 'high� vulnerabilities are resolved, as defined by the Common Vulnerability Scoring System (CVSS).