Audit Terms. Controller will be responsible for the cost of engaging any third-party auditor to conduct an audit. If processor has commissioned an ▇▇▇▇▇.▇▇▇▇▇▇ which it offers to make available to controller, controller may only perform (or commission a third- party auditor to perform) its own audit if controller, acting in good faith, is reasonably dissatisfied with processor’s audit report. Controller must (and must ensure that their third-party auditor does): 9.4.1. coordinate timing and scope of audit with processor, so as to limit impact on processor’s services; 9.4.2. exclude processor’s other customers’ data (including personal data) from the audit; 9.4.3. acquire processor’s approval before using any tools or software on processor’s infrastructure; 9.4.4. not include in the audit any sensitive data (including personal data, special personal data, or data that could harm the security of the services described in the principal agreement); 9.4.5. give processor a reasonable opportunity to review the audit report and resolve any questions or issues of fact; and 9.4.6. keep the results of any audit confidential and not disclose them, unless otherwise required by law.
Appears in 2 contracts
Sources: Data Processing Agreement, Data Processing Agreement