Common use of Right of Review and Audit Clause in Contracts

Right of Review and Audit. Upon request by the EA, Contractor shall provide the EA with copies of its policies and related procedures that pertain to the protection of PII. It may be made available in a form that does not violate Contractor’s own information security policies, confidentiality obligations, and applicable laws. In the event of a data breach, contractor may be required to undergo an audit of its privacy and security safeguards, measures and controls as it pertains to alignment with the requirements of New York State laws and regulations, the EA’s policies applicable to Contractor, and alignment with the NIST Cybersecurity Framework performed by an independent third party at Contractor’s expense, and provide the audit report to the EA. Contractor may provide the EA with a recent industry standard independent audit report on Contractor’s privacy and security practices as an alternative to undergoing an audit.

Right of Review and Audit. Upon request by the EA, Contractor shall provide provides the EA with copies of its policies and related procedures that pertain to the protection of PIIPII at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇/trust/security/practices. It may be is made available in a form that does not violate Contractor’s own information security policies, confidentiality obligations, and applicable laws. In the event of a data breachaddition, contractor Contractor may be required to undergo an audit of its privacy and security safeguards, measures and controls as it pertains to alignment with the requirements of New York State laws and regulations, the EA’s policies applicable to Contractor, and alignment with the NIST Cybersecurity Framework performed by an independent third party at Contractor’s expense, and provide the audit report to the EA. Contractor may provide the EA with a recent industry standard independent audit report on Contractor’s privacy and security practices as an alternative to undergoing an audit.

Right of Review and Audit. Upon request by the EA, Contractor shall provide the EA with copies of its policies and related procedures that proceduresthat pertain to the protection theprotection of PII. It may be made available in a form that does thatdoes not violate Contractor’s own Contractor’sown information security policies, confidentiality obligationsconfidentialityobligations, and applicable lawsapplicablelaws. In the event of a data breachaddition, contractor may Contractormay be required to undergo an audit of its privacy and security safeguards, measures and controls as it pertains to alignment with the requirements of New York State laws and regulations, the EA’s policies applicable to Contractor, and alignment with the NIST Cybersecurity Framework performed by an independent third independentthird party at Contractor’s expenseContractor’sexpense, and provide the audit report providethe auditreport to the EA. Contractor may provide the EA with a recent industry standard independent audit report on Contractor’s privacy and security practices securitypractices as an alternative to undergoing an audit.

Right of Review and Audit. Upon request by the EA, Contractor shall provide the EA with copies of its policies and related procedures that pertain to the protection of PII. It may be made available in a form that does not violate Contractor’s 's own information security policies, confidentiality obligations, and applicable laws. In the event of a data breachaddition, contractor not more than once annually, Contractor may be required to undergo an audit of its privacy and security safeguards, measures and controls as it pertains to alignment with the requirements of New York State laws and regulations, the EA’s 's policies applicable to Contractor, and alignment with the NIST Cybersecurity Framework performed by an independent third party at Contractor’s expenseparty, and provide the audit report to the EA. Contractor may provide the EA with a recent industry standard independent audit report on Contractor’s 's privacy and security practices as an alternative to undergoing an audit.

Right of Review and Audit. Upon written request by the EA, Contractor shall provide the EA with copies of its policies and summaries of related procedures that pertain to the protection of PII. It may be made available in a form that does not violate Contractor’s own information security policies, confidentiality obligations, and applicable laws. In the event of a data breachaddition, contractor Contractor may be required to undergo an audit of its privacy and security safeguards, measures and controls as it pertains to alignment with the requirements of New York State laws and regulations, the EA’s policies applicable to ContractorContractor attached to this DPA, and alignment with the NIST Cybersecurity Framework performed by an independent third party at Contractor’s expense, and provide the audit report to the EA. Contractor may provide the EA with a recent industry standard independent audit report on Contractor’s privacy and security practices as an alternative to undergoing an audit.

Right of Review and Audit. Upon request by the EA, Contractor shall provide the EA with copies of its policies and related procedures that pertain to the protection of PII. It may be made available in a form that does not violate Contractor’s own information security policies, confidentiality obligations, and applicable laws. In the event of addition, no more than once a data breachyear, contractor Contractor may be required to undergo an audit of its privacy and security safeguards, measures and controls as it pertains to alignment with the requirements of New York State laws and regulations, the EA’s policies applicable to Contractor, and alignment with the NIST Cybersecurity Framework performed by an independent third party at ContractorEA’s expense, and provide the audit report to the EA. Contractor may provide the EA with a recent industry standard independent audit report on Contractor’s privacy and security practices as an alternative to undergoing an audit.

Right of Review and Audit. Upon request by the EA, Contractor shall provide the EA with copies of its policies and related procedures that pertain to the protection of PII. It may be made available in a form that does not violate Contractor’s own information security policies, confidentiality obligations, and applicable laws. In the event of a data breachaddition, contractor Contractor may be required to undergo an audit no more than one (1) time per calendar year of its privacy and security safeguards, measures and controls as it pertains to alignment with the requirements of New York State laws and regulations, the EA’s policies applicable to Contractor, and alignment with the NIST Cybersecurity Framework performed by an independent third party at ContractorEA’s expense, and provide the audit report to the EA. Contractor may provide the EA with a recent industry standard independent audit report on Contractor’s privacy and security practices as an alternative to undergoing an audit.