Data Audits Clause Samples

Data Audits. ▇▇▇▇ shall have its policies and the conduct of its processing of personal data audited annually by an independent data auditor. The data auditor will evaluate the compliance of ▇▇▇▇ with the provisions of law including (a) clarity and effectiveness of notices, transparency, security safeguards, instances of personal data breach and response thereto.

Data Audits. 8.1. Upon the Data Discloser’s request, the Data Receiver will provide reasonable supporting documentation regarding its data safeguards as well as business continuity and recovery facilities, resources, plans, and procedures. 8.2. Upon reasonable notice to the Data Receiver, the Data Receiver will permit the Data Discloser, its auditors, designated audit representatives, and regulators, including data protection authorities, during normal business hours, to audit and inspect: 8.2.1. the Data Receiver’s facilities where Personal Data is Processed; 8.2.2. any computerised systems used to Process Personal Data; and 8.2.3. the Data Receiver’s security practices and procedures, data protection practices and procedures, and business continuity and recovery facilities, resources, plans, and procedures. The audit and inspection rights hereunder will be, at a minimum, for the purpose of verifying the Data Receiver’s compliance with this paragraph 8 and applicable Data Protection Laws.

Data Audits. (A) Annual Audits. Processor may provide certifications, such as ISO 27001 or SOC 2 Type II reports, as evidence of compliance in lieu of on-site audits, subject to the Customer’s review and acceptance. If the Customer does not accept such certifications, the (1) The Customer shall provide at least thirty (30) days’ prior written notice of its intent to conduct an audit. (2) The audit shall be conducted during the Processor’s normal business hours and in a manner that minimizes disruption to the Processor’s operations. (3) Following a confirmed or suspected Personal Data Breach involving the Processor, an ad-hoc audit may be requested by the Customer at Customer’s expense.

Data Audits. Contractor will at its own expense conduct at least once a year and immediately after any actual or reasonably suspected Data Compromise the following: An audit of Contractor’s security policies, procedures and controls; formal review of adherence to all acceptable standards for certification of cloud computing services, perform a vulnerability scan, performed by a District-approved Third party scanner, of Contractor’s systems and facilities used in any way to deliver Services under this Agreement or perform a formal penetration test, in a manner approved by District, of Contractor’s systems and facilities that are used in any way to deliver Services under this Agreement. Contractor will provide District with reports or other documentation resulting from these audits, certifications, scans or tests within seven (7) business days of Contractor’s receipt of such results. Based on the results of the above audits, certifications, scans and tests, Contractor will, within thirty (30) calendar days or receipt of such results, promptly modify its security measures in order to meet its obligations under this Agreement, and provide District with written evidence of remediation.