Certifications and Audits Clause Samples

Certifications and Audits. Company shall promptly complete and return to BNYM any certifications which BNYM in its sole reasonable discretion may from time to time send to Company, certifying that Company is using the Licensed System in material compliance with the terms and conditions set forth in this Agreement. BNYM may, at its expense and after giving at least 30 days' written notice to Company, virtually audit Company's utilization of the Licensed System and the scope of use and information during normal business hours pertaining to Company's compliance with the provisions of this Agreement. The foregoing right may be exercised directly by BNYM or by delegation to an independent auditor acting on its behalf.

Certifications and Audits. 6.1. Customer Audit Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: a) SAP has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or

Certifications and Audits. 6.1. SAP Resources SAP provides Audit Reports and Certifications free of charge, online or upon request. Additional verifications that require SAP resources are limited and subject to the following Sections.

Certifications and Audits. 9.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third- party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust and Customer prior to initiation. Customer shall promptly notify Entrust with information regarding non-compliance discovered during the course of an audit, and Entrust shall use commercially reasonable efforts to address any confirmed non-compliance.

Certifications and Audits. (i) Microsoft has established and agrees to maintain a data security policy that complies with the ISO 27001 standards for the establishment, implementation, control, and improvement of the Information Security Management System and the ISO/IEC 27002 code of best practices for information security management (“Microsoft Online Information Security Policy”). On a confidential need-to-know basis, and subject to Customer’s agreement to non-disclosure obligations Microsoft specifies, Microsoft will make the Microsoft Online Information Security Policy available to Customer, along with other information reasonably requested by Customer regarding Microsoft security practices and policies. Customer is solely responsible for reviewing the Microsoft Online Information Security Policy, making an independent determination as to whether the Microsoft Online Information Security Policy meets Customer’s requirements, and for ensuring that Customer’s personnel and consultants follow the guidelines they are provided regarding data security. (ii) Microsoft will audit the security of the computers and computing environment that it uses in processing Customer Data (including personal data) on the Microsoft Online Services and the physical data centers from which Microsoft provides the Microsoft Online Services. This audit: (1) will be performed at least annually; (2) will be performed according to ISO 27001 standards; (3) will be performed by third party security professionals at Microsoft’s selection and expense; (4) will result in the generation of an audit report (“Microsoft Audit Report”), which will be Microsoft’s confidential information; and (5) may be performed for other purposes in addition to satisfying this Section (e.g., as part of Microsoft’s regular internal security procedures or to satisfy other contractual obligations). (iii) If Customer requests in writing, Microsoft will provide Customer with a confidential summary of the Microsoft Audit Report (“Summary Report”) so that Customer can reasonably verify Microsoft’s compliance with the security obligations under this Amendment. The Summary Report is Microsoft confidential information. (iv) Microsoft will make good faith, commercially reasonable efforts to remediate (1) any errors identified in a Microsoft Audit Report that could reasonably be expected to have an adverse impact on Customer use of the Microsoft Online Services and (2) material control deficiencies identified in the Microsoft Audit Report. (v) T...

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: Name (written out in full): Position: Address: Signature: Name (written out in full): ▇▇▇▇ ▇. ▇▇▇▇▇▇▇ Position: General Counsel Address: ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇, ▇▇▇▇▇▇▇▇, ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇-▇▇▇▇ ▇▇▇ Signature: Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.

Certifications and Audits. 10.1 Emburse will, upon written request of Customer, make available evidence of its compliance with the technical and organizational measures that protect the Service through third-party certifications and audits as described in the security Documentation.‌ 10.2 Customer, a Controller, or its respective independent third party auditor reasonably acceptable to Emburse, may have a right to audit Emburse’s control environment and security practices relevant to the Processing if: 10.2.1 Emburse fails to provide sufficient evidence under Section 10.1; 10.2.2 An audit is requested by Customer’s, or a Controller’s, relevant data protection authority; or 10.2.3 Data Protection Law provides Customer with a direct audit right, provided any such audit shall only occur once in any twelve (12) month period unless such law requires more frequent audits. 10.3 If a Controller (other than Customer) requests to conduct an audit under section 10.2, such audit must be undertaken by and through Customer unless Data Protection Law requires otherwise. If several Controllers whose Personal Data is processed Emburse under the Agreement require an Audit, Customer shall use all reasonable means to combine the audits and to avoid multiple audits. Customer shall bear the costs of all audits under this Section 10. 10.4 Customer or the relevant Controller undertaking an audit under Section 10.2 shall give ` Emburse at least 60 days (or such other period as required by Data Protection Law) prior notice of any audit to be conducted under section 10.2. The scope of any audits shall be mutually agreed by the parties acting reasonably and in good faith. Audits shall be limited to 3 days and Customer (or relevant Controller) shall make (and ensure that each of its auditors makes) reasonable endeavours to avoid causing (or, if it cannot avoid, to minimise) any damage, injury or disruption to Emburse premises, equipment, personnel and business in the course of such audit. Customer shall bear the costs of such audit and will provide the results of any audit to Emburse. If an audit determines that Emburse has breached its obligations under the DPA, Emburse will promptly remedy the breach at its own cost.

Certifications and Audits. (a) Anaplan shall make available to the Client such information as is reasonably necessary to demonstrate Anaplan’s compliance with the obligations of this DPA and the obligations under applicable Data Protection Laws; (b) For the Anaplan Service, during the term of the Agreement, Anaplan will engage independent third-party auditors to perform regular audits (at least annually) and provide an Audit Report (SOC 1 Type 2 and/or SOC 2 Type 2 report) and/or ISO certificate/attestation; (c) Upon Client’s written request but no more than twice annually, and subject to the confidentiality obligations set forth in the Agreement, Anaplan shall provide a copy of Anaplan’s then most recent Audit Report or ISO certificate/attestation, or any summaries thereof, that Anaplan generally makes available to its Clients at the time of such request. (d) To the extent that Anaplan’s provision of an Audit Report does not provide sufficient information or Client is required to respond to regulatory authority audits, Client agrees to a mutually agreed-upon audit plan with Anaplan that (i) defines the mutually agreed-upon scope, timing and duration of the audit; (ii) ensures the use of an independent third party; (iii) provides notice to Anaplan in a timely fashion; (iv) requests access only during business hours; (v) accepts billing to Client at Anaplan’s then current rate; (vi) occurs no more than once annually; (vii) restricts its findings to only data relevant to Client; and (viii) obligates Client, to the extent permitted by law or regulations, to keep confidential any information gathered that, by its nature should be confidential.

Certifications and Audits. IBM will audit the security of the Cloud Service.