Common use of Third Party Audits Clause in Contracts

Third Party Audits. Supplier shall allow for and contribute to audits that include inspections by granting Buyer (through a third-party representative(s) credentialed in such reviews) access to all reasonable and industry recognized documentation evidencing Supplier’s policies and procedures governing the security and privacy of Buyer Data and its Security Program, excluding any third party proprietary information or documentation expressly excluded from disclosure by such party or by Applicable Law (“Audit”); provided that such representative(s) shall enter into written obligations of confidentiality and non-disclosure directly with Supplier). The Audit disclosure will include documentation evidencing Supplier’s Security Program, as well as Supplier’s privacy policies and procedures regarding personal information processed within the Services, copies of certifications and attestation reports (including Audits) listed above. Without limiting the foregoing, the Audit shall demonstrate that the Company has and maintains a comprehensive Security Program, including by completing information security questionnaires and, if requested, providing: (a) all privacy, data processing, data protection, data security, encryption, and confidentiality related: (i) Company policies, procedures, and standards (including escalation procedures for non- compliance and training materials); (ii) available third party assessments, audits, and reviews, and other equivalent evaluations, and (iii) evidence that Scanning Assessments and Pen Tests were performed in accordance with Section 6.2; (b) to the extent permitted, individuals’ requests under Applicable Law with respect to their Personal Data processed in connection with the Services provided hereunder; (c) the public Internet Protocol ranges associated with Supplier Information Systems used in connection with the Services provided hereunder; and (d) relevant information and documentation to verify compliance with this ISA.