Common use of COMPLIANCE AND MONITORING Clause in Contracts

COMPLIANCE AND MONITORING. Contractor shall comply with security policies relating to the handling of Confidential Information. a. Prior to PG&E’s first transfer of Confidential Information to Contractor, Contractor shall provide PG&E with documentation satisfactory to PG&E that it has undertaken Security Measures. b. Contractor and PG&E agree to meet periodically, if requested by PG&E, to evaluate Contractor's Security Measures and to discuss, in good faith, means by which the Parties can enhance such protection, if necessary. c. Contractor shall update its Security Measures, including procedures, practices, policies and controls so as to keep current with industry standards, including but not limited to NIST and NERC/CIP, as applicable. d. PG&E reserves the right to perform onsite security assessments to verify the implementation and ongoing operation and maintenance of security controls. At least annually, Contractor shall assist PG&E in obtaining a copy of any report that documents Contractor's Security Measures. e. In the event, PG&E determines Contractor has not complied with Security Measures, PG&E shall provide written notice to Contractor describing the deficiencies. Contractor shall then have sixty (60) calendar days to cure. If Contractor has not cured the deficiencies within sixty (60) calendar days, PG&E may cancel this Contract for cause in accordance with Section 8.2 of these General Conditions.

COMPLIANCE AND MONITORING. Contractor Consultant shall comply with security policies relating to the handling of Confidential Information. a. Prior to PG&E’s first transfer of Confidential Information to ContractorConsultant, Contractor Consultant shall provide PG&E with documentation satisfactory to PG&E that it has undertaken Security Measures. b. Contractor Consultant and PG&E agree to meet periodically, if requested by PG&E, to evaluate ContractorConsultant's Security Measures and to discuss, in good faith, means by which the Parties can enhance such protection, if necessary. c. Contractor Consultant shall update its Security Measures, including procedures, practices, policies and controls so as to keep current with industry standards, including but not limited to NIST and NIST, NERC/CIP, and FERC, as applicable. d. PG&E reserves the right to perform onsite security assessments to verify the implementation and ongoing operation and maintenance of security controls. At least annually, Contractor Consultant shall assist PG&E in obtaining a copy of any report that documents ContractorConsultant's Security Measures. e. In the event, PG&E determines Contractor Consultant has not complied with Security Measures, PG&E shall provide written notice to Contractor Consultant describing the deficiencies. Contractor Consultant shall then have sixty (60) calendar days to cure. If Contractor Consultant has not cured the deficiencies within sixty (60) calendar days, PG&E may cancel this Contract for cause in accordance with Section 8.2 of these General Conditionscause.

COMPLIANCE AND MONITORING. Contractor Seller shall comply with security policies relating to the handling of Confidential Information and Confidential Customer Information. a. . Prior to PG&E’s first transfer of Confidential Information and Confidential Customer Information to ContractorSeller, Contractor Seller shall provide PG&E with documentation satisfactory to PG&E that it has undertaken Security Measures. b. Contractor . ▇▇▇▇▇▇ and PG&E agree to meet periodically, if requested by PG&E, to evaluate ContractorSeller's Security Measures and to discuss, in good faith, means by which the Parties can enhance such protection, if necessary. c. Contractor . Seller shall update its Security Measures, including procedures, practices, policies and controls so as to keep current with industry standards, including but not limited to NIST and NERC/CIP, as applicable. d. . PG&E reserves the right to perform onsite security assessments to verify the implementation and ongoing operation and maintenance of security controls. At least annually, Contractor Seller shall assist PG&E in obtaining a copy of any report that documents ContractorSeller's Security Measures. e. . In the event, PG&E determines Contractor Seller has not complied with Security Measures, PG&E shall provide written notice to Contractor Seller describing the deficiencies. Contractor Seller shall then have sixty (60) calendar days to cure. If Contractor Seller has not cured the deficiencies within sixty (60) calendar days, PG&E may cancel declare an Event of Default pursuant to Section 7.1 of this Contract for cause in accordance with Section 8.2 of these General ConditionsAgreement and pursue an Early Termination Date.

COMPLIANCE AND MONITORING. Contractor Recipient shall comply with security policies relating to the handling of Confidential Information. a. Prior to PG&E’s first transfer of Confidential Information to ContractorRecipient, Contractor Recipient shall provide PG&E with documentation satisfactory to PG&E that it has undertaken Security Measures. b. Contractor Recipient and PG&E agree to meet periodically, if requested by PG&E, to evaluate ContractorRecipient's Security Measures and to discuss, in good faith, means by which the Parties can enhance such protection, if necessary. c. Contractor Recipient shall update its Security Measures, including procedures, practices, policies and controls so as to keep current with industry standards, including but not limited to NIST and NERC/CIP, as applicable. d. PG&E reserves the right to perform onsite security assessments to verify the implementation and ongoing operation and maintenance of security controls. At least annually, Contractor Recipient shall assist PG&E in obtaining a copy of any report that documents ContractorRecipient's Security Measures. e. In the event, PG&E determines Contractor Recipient has not complied with Security Measures, PG&E shall provide written notice to Contractor Recipient describing the deficiencies. Contractor Recipient shall then have sixty (60) calendar days to cure. If Contractor Recipient has not cured the deficiencies within sixty (60) calendar days, PG&E may cancel this Contract for cause in accordance with Section 8.2 Article 40.0 of these General Conditions.