Security Report. Within one hundred eighty (180) days of the effective date of the SLA; and within ten (10) days of each anniversary thereof (or as may otherwise be reasonably requested by Republic), Company will deliver to Republic a report prepared (no more than one (1) year prior to such date) by an audit firm and such report must describe Company's systems and security controls implemented and used at the locations involved in Company's provision of the Services governed by the SLA (such report, the "SecurityReport"). The third-party auditor must be a widely-used and reputable auditor in the financial services industry in the applicable jurisdiction and with respect to the United States must be a national major auditing firm. The Security Report must be a SOC 2 Type II report that has been prepared in accordance with the American Institute of Certified Public Accountants' Trust Service Principles/Criteria (including security, availability, processing integrity, confidentiality, and privacy). Where a SOC 2 Type II report cannot be procured or where it is not a common report in the applicable jurisdiction, Company may provide a mutually agreed upon widely accepted equivalent (e.g., a SOC2 Type I report during an initial period). Company will use its best commercially reasonable efforts to cause each Service Provider to also provide Republic a Security Report in accordance with the foregoing requirements.
Appears in 1 contract
Security Report. Within one hundred eighty (180) days of the effective date of the SLA; and within ten (10) days of each anniversary thereof (or as may otherwise be reasonably requested by Republic), Company will deliver to Republic a report prepared (no more than one (1) year prior to such date) by an audit firm and such report must describe Company's systems and security controls implemented and used at the locations involved in Company's provision of the Services governed by the SLA (such report, the "SecurityReportSecurity Report"). The third-party auditor must be a widely-used and reputable auditor in the financial services industry in the applicable jurisdiction and with respect to the United States must be a national major auditing firm. The Security Report must be a SOC 2 Type II report that has been prepared in accordance with the American Institute of Certified Public Accountants' Trust Service Principles/Criteria (including security, availability, processing integrity, confidentiality, and privacy). Where a SOC 2 Type II report cannot be procured or where it is not a common report in the applicable jurisdiction, Company may provide a mutually agreed upon widely accepted equivalent (e.g., a SOC2 Type I report during an initial period). Company will use its best commercially reasonable efforts to cause each Service Provider to also provide Republic a Security Report in accordance with the foregoing requirements.
Appears in 1 contract