Common use of Oversight of Security Compliance Clause in Contracts

Oversight of Security Compliance. (A) The Consultant shall have and maintain a written information security policy that specifies Security Safeguards appropriate to the size and complexity of the Consultant’s operations and the nature and scope of its activities. (B) Upon the SJVIA’s written request, to confirm the Consultant’s compliance with this Article 10, as well as any applicable laws, regulations and industry standards, the Consultant grants the SJVIA or, upon the SJVIA’s election, a third party on the SJVIA’s behalf, permission to perform an assessment, audit, examination or review of all controls in the Consultant’s physical and technical environment in relation to all Personal Information that is Used by the Consultant pursuant to this agreement. The Consultant shall fully cooperate with such assessment, audit or examination, as applicable, by providing the SJVIA or the third party on the SJVIA’s behalf, access to all Authorized Employees and other knowledgeable personnel, physical premises, documentation, infrastructure and application software that is Used by the Consultant for Personal Information pursuant to this agreement. In addition, the Consultant shall provide the SJVIA with the results of any audit by or on behalf of the Consultant that assesses the effectiveness of the Consultant’s information security program as relevant to the security and confidentiality of Personal Information Used by the Consultant or Authorized Persons during the course of this agreement under this Article 10. (C) The Consultant shall ensure that all Authorized Persons who Use Personal Information agree to the same restrictions and conditions in this Article 10 that apply to the Consultant with respect to such Personal Information by incorporating the relevant provisions of these provisions into a valid and binding written agreement between the Consultant and such Authorized Persons, or amending any written agreements to provide same.