Certifications and Audits Clause Samples

Certifications and Audits. Company shall promptly complete and return to BNYM any certifications which BNYM in its sole reasonable discretion may from time to time send to Company, certifying that Company is using the Licensed System in material compliance with the terms and conditions set forth in this Agreement. BNYM may, at its expense and after giving at least 30 days' written notice to Company, virtually audit Company's utilization of the Licensed System and the scope of use and information during normal business hours pertaining to Company's compliance with the provisions of this Agreement. The foregoing right may be exercised directly by BNYM or by delegation to an independent auditor acting on its behalf.

Certifications and Audits. 6.1. Customer Audit Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: a) SAP has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or

Certifications and Audits. 6.1. SAP Resources SAP provides Audit Reports and Certifications free of charge, online or upon request. Additional verifications that require SAP resources are limited and subject to the following Sections.

Certifications and Audits. 9.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third- party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust and Customer prior to initiation. Customer shall promptly notify Entrust with information regarding non-compliance discovered during the course of an audit, and Entrust shall use commercially reasonable efforts to address any confirmed non-compliance.

Certifications and Audits. (i) Microsoft has established and agrees to maintain a data security policy that complies with the ISO 27001 standards for the establishment, implementation, control, and improvement of the Information Security Management System and the ISO/IEC 27002 code of best practices for information security management (“Microsoft Online Information Security Policy”). On a confidential need-to-know basis, and subject to Customer’s agreement to non-disclosure obligations Microsoft specifies, Microsoft will make the Microsoft Online Information Security Policy available to Customer, along with other information reasonably requested by Customer regarding Microsoft security practices and policies. Customer is solely responsible for reviewing the Microsoft Online Information Security Policy, making an independent determination as to whether the Microsoft Online Information Security Policy meets Customer’s requirements, and for ensuring that Customer’s personnel and consultants follow the guidelines they are provided regarding data security. (ii) Microsoft will audit the security of the computers and computing environment that it uses in processing Customer Data (including personal data) on the Office 365 Services and the physical data centers from which Microsoft provides the Office 365 Services. This audit: (1) will be performed at least annually; (2) will be performed according to ISO 27001 standards; (3) will be performed by third party security professionals at Microsoft’s selection and expense; (4) will result in the generation of an audit report (“Microsoft Audit Report”), which will be Microsoft’s confidential information; and (5) may be performed for other purposes in addition to satisfying this Section (e.g., as part of Microsoft’s regular internal security procedures or to satisfy other contractual obligations). (iii) If Customer requests in writing, Microsoft will provide Customer with a confidential summary of the Microsoft Audit Report (“Summary Report”) so that Customer can reasonably verify Microsoft’s compliance with the security obligations under this Office 365 DPA. The Summary Report is Microsoft confidential information. (iv) Microsoft will make good faith, commercially reasonable efforts to remediate (1) any errors identified in a Microsoft Audit Report that could reasonably be expected to have an adverse impact on Customer use of the Office 365 Services and (2) material control deficiencies identified in the Microsoft Audit Report. (v) The audit obli...

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: Name (written out in full): Position: Address: Signature: Name (written out in full): ▇▇▇▇ ▇. ▇▇▇▇▇▇▇ Position: General Counsel Address: ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇, ▇▇▇▇▇▇▇▇, ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇-▇▇▇▇ ▇▇▇ Signature: Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.

Certifications and Audits. (a) Customer may audit Provider’s compliance with its obligations under this Data Processing Agreement up to once per year. In addition, to the extent required by Applicable Data Protection Law, including where mandated by Customer’s Supervisory Authority, Customer or Customer’s Supervisory Authority may perform more frequent audits, including inspections of any Provider-owned and controlled data center facility that Processes Personal Data. Provider will contribute to such audits by providing Customer or Customer’s Supervisory Authority with the information and assistance reasonably necessary to conduct the audit, including any relevant records of Processing activities applicable to the Services ordered by Customer. (b) If a third party is to conduct the audit, the third party must be mutually agreed to by Customer and Provider (except if such third party is a competent Supervisory Authority). Provider will not unreasonably withhold its consent to a third party auditor requested by Customer. The third party must execute a written confidentiality agreement acceptable to Provider or otherwise be bound by a statutory confidentiality obligation before conducting the audit. (c) To request an audit, Customer must submit a detailed proposed audit plan to Provider at least two weeks in advance of the proposed audit date. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Provider will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Provider security, privacy, employment or other relevant policies). Provider will work cooperatively with Customer to agree on a final audit plan. (d) If the requested audit scope is addressed in a SSAE 16/ISAE 3402 Type 2, ISO, NIST, PCI DSS, HIPAA or similar audit report issued by a qualified third party auditor within the prior twelve months and Provider provides such report to Customer confirming there are no known material changes in the controls audited, Customer agrees to accept the findings presented in the third party audit report in lieu of requesting an audit of the same controls covered by the report. (e) The audit must be conducted during regular business hours at the applicable facility, subject to the agreed final audit plan and Provider’s health and safety or other relevant policies, and may not unreasonably interfere with Provider business activities. (f) Customer will provide...

Certifications and Audits. (a) Anaplan shall make available to Client such information as is reasonably necessary to demonstrate Anaplan’s compliance with the obligations of this DPA and the obligations under applicable Data Protection Laws; (b) For the Anaplan Service, during the term of the Agreement, Anaplan will engage independent third-party auditors to perform regular audits (at least annually) and provide an Audit Report (SOC 1 Type 2 and/or SOC 2 Type 2 report) and/or ISO certificate/attestation; (c) Upon Client’s written request but no more than twice annually, and subject to the confidentiality obligations set forth in the Agreement, Anaplan shall provide a copy of Anaplan’s then most recent Audit Report or ISO certificate/attestation, or any summaries thereof, that Anaplan generally makes available to its clients at the time of such request. (d) To the extent that ▇▇▇▇▇▇▇’s provision of an Audit Report does not provide sufficient information or Client is required to respond to regulatory authority audits, Client agrees to a mutually agreed-upon audit plan with Anaplan that (i) defines the mutually agreed-upon scope, timing and duration of the audit; (ii) ensures the use of an independent third party; (iii) provides notice to Anaplan in a timely fashion; (iv) requests access only during business hours; (v) accepts billing to Client at Anaplan’s then current rate; (vi) occurs no more than once annually; (vii) restricts its findings to only data relevant to Client; and (viii) obligates Client, to the extent permitted by law or regulations, to keep confidential any information gathered that, by its nature, should be confidential. (e) Client acknowledges and agrees that any exercise of its audit rights under Clause 8.9 of the Standard Contractual Clauses will be conducted on accordance with this DPA.

Certifications and Audits. 6.1. Customer Audit Customer or its independent third-party auditor reasonably acceptable to RELISH (which shall not include any third party auditors who are either a competitor of RELISH or not suitably qualified or independent) may audit RELISH’s control environment and security practices relevant to Personal Data processed by RELISH only if: a) RELISH has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or