Oversight of Security Compliance. At least once per year, Backup Servicer shall conduct site audits of the information technology and information security controls for all facilities used in complying with its obligations under this Agreement. Upon Client’s request, to confirm Backup Servicer’s compliance with this Agreement, as well as any applicable laws, regulations and industry standards, Backup Servicer grants Client or, upon Client’s election, a third party on Client’s behalf, permission to perform an assessment, audit, examination or review of all controls in Backup Servicer’s physical and/or technical environment in relation to all Highly Confidential Information being handled and/or services being provided to Client pursuant to this Agreement. Backup Servicer shall fully cooperate with such assessment by providing access to knowledgeable personnel, physical premises, documentation, infrastructure and application software that processes, stores or transports Highly Confidential Information for Client pursuant to this Agreement. Upon Client’s written request, Backup Servicer shall make available to Client for review all of the following, as applicable: Backup Servicer’s latest Payment Card Industry (PCI) Certification Report; SOC2 Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy; and any reports relating to its ISO/ICE 27001 certification. Client shall treat such audit reports as Backup Servicer’s Confidential Information under this Agreement. Any exceptions noted on the SSAE report or other audit reports relating to Highly Confidential Information will be promptly addressed with the development and implementation of a corrective action plan by Backup Servicer’s management. 6.
Appears in 2 contracts
Sources: Backup Servicing Agreement (LendingClub Corp), Whole Loans Backup Servicing Agreement (LendingClub Corp)