Common use of Third-Party Certifications and Audits Clause in Contracts

Third-Party Certifications and Audits. SFDC has obtained the third-party certifications and audits set forth in the Security, Privacy and Architecture Documentation for each applicable Service. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, SFDC shall make available to Customer (or Customer’s Third-Party Auditor - as defined below in section 6.2.4) information regarding SFDC’s compliance with the obligations set forth in this DPA in the form of a copy of SFDC’s then most recent third-party audits or certifications set forth in the Security, Privacy and Architecture Documentation. Such third-party audits or certifications may also be shared with Customer’s competent supervisory authority on its request. Where SFDC has obtained ISO 27001 certifications and SSAE 18 Service Organization Control (SOC) 2 reports for a particular Service as described in the Documentation, SFDC agrees to maintain these certifications or standards, or appropriate and comparable successors thereof, for the duration of the Agreement. Upon request, SFDC shall also provide a requesting Customer with a report and/or confirmation of SFDC's audits of third-party Sub-processors’ compliance with the data protection controls set forth in this DPA and/or a report of third-party auditors’ audits of third party Sub-processors that have been provided by those third-party Sub- processors to SFDC, to the extent such reports or evidence may be shared with Customer (“Third-party Sub-processor Audit Reports”). Customer acknowledges that (i) Third-party Sub-processor Audit Reports shall be considered Confidential Information as well as confidential information of the third-party Sub-processor and (ii) certain third-party Sub-processors to SFDC may require Customer to execute a non-disclosure agreement with them in order to view a Third-party Sub- processor Audit Report.

Third-Party Certifications and Audits. SFDC ▇▇▇▇▇▇ has obtained the third-party certifications and audits set forth in the Security, Privacy and Architecture Documentation for each applicable ServiceHERE. Upon Customer’s Your written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, SFDC ▇▇▇▇▇▇ shall make available to Customer You (or Customer’s Your Third-Party Auditor - as defined below in section Section 6.2.4) information regarding SFDC▇▇▇▇▇▇’s compliance with the obligations set forth in this DPA in the form of a copy of SFDC▇▇▇▇▇▇’s then most recent third-party audits or certifications set forth in the Security, Privacy and Architecture Documentationcertifications. Such third-party audits or certifications may also be shared with Customer’s Your competent supervisory authority Supervisory Authority on its request. Where SFDC has obtained ISO 27001 certifications and SSAE 18 Service Organization Control (SOC) 2 reports for a particular Service as described in the Documentation, SFDC agrees to maintain these certifications or standards, or appropriate and comparable successors thereof, for the duration of the Agreement. Upon Your reasonable request, SFDC ▇▇▇▇▇▇ shall also provide a requesting Customer with a report and/or confirmation of SFDC's ▇▇▇▇▇▇’s audits of third-party Sub-processors’ ' compliance with the data protection controls set forth in this DPA and/or a report of third-third party auditors’ ' audits of third party Sub-processors that have been provided by those third-party Sub- processors to SFDCKandji, to the extent such reports or evidence may be shared with Customer You (“Third-party Sub-processor Audit Reports”). Customer acknowledges You acknowledge that (i) Third-party Sub-processor Audit Reports shall be considered Confidential Information as well as confidential information of the third-party Sub-processor and (ii) certain third-party Sub-processors to SFDC Kandji may require Customer You to execute a non-disclosure agreement with them in order to view a Third-party Sub- Sub-processor Audit Report.

Third-Party Certifications and Audits. SFDC ▇▇▇▇▇▇▇ has obtained the third-party certifications and audits set forth where noted in the Security, Privacy and Architecture Security Documentation for each the applicable Service. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the AgreementAgreement or other applicable confidentiality obligation or agreement, SFDC Enverus shall make available to Customer (or Customer’s Third-Party Auditor - as defined below in section 6.2.4) information regarding SFDCEnverus’s compliance with the obligations set forth in this DPA in the form of (a) a copy of SFDCEnverus’s then most recent third-party audits or certifications set forth in the SecuritySecurity Documentation, Privacy and Architecture Documentationas applicable, or (b) such summary reporting materials prepared by Enverus supporting Enverus’s compliance with the obligations set forth in this DPA. Such third-party audits or certifications or summary reporting materials may also be shared with Customer’s competent supervisory authority on its request. Where SFDC Enverus has obtained ISO 27001 certifications and SSAE 18 Service Organization Control (SOC) 2 reports for a particular Service as described in the Documentation, SFDC Enverus agrees to maintain these certifications or standards, or appropriate and comparable successors thereof, for the duration of the Agreement. Upon request, SFDC shall Enverus may also provide a requesting Customer to the extent available with a report and/or confirmation of SFDCEnverus's audits of third-party Sub-processors’ compliance with the data protection controls set forth in this DPA and/or a report of third-party auditors’ audits of third party Sub-processors that have been provided by those third-party Sub- processors to SFDCEnverus, to the extent such reports or evidence may be shared with Customer (“Third-party Sub-processor Audit Reports”). Customer acknowledges that (i) Third-party Sub-processor Audit Reports shall be considered Confidential Information as well as confidential information of the third-third- party Sub-processor and (ii) certain third-party Sub-processors to SFDC Enverus may require Customer to execute a non-disclosure agreement with them in order to view a Third-party Sub- processor Audit Report.

Third-Party Certifications and Audits. SFDC Brightidea has obtained the third-party certifications and audits set forth in the Security, Privacy and Architecture Documentation for each applicable Service. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, SFDC Brightidea shall make available to Customer (or Customer’s Third-Party Auditor - as defined below in section 6.2.4) information regarding SFDCBrightidea’s compliance with the obligations set forth in this DPA in the form of a copy of SFDCBrightidea’s then most recent third-party audits or certifications set forth in the Security, Privacy and Architecture Documentation. Such third-party audits or certifications may also be shared with Customer’s competent supervisory authority on its request. Where SFDC Brightidea has obtained ISO 27001 certifications and SSAE 18 Service Organization Control (SOC) 2 reports for a particular Service as described in the Documentation, SFDC Brightidea agrees to maintain these certifications or standards, or appropriate and comparable successors thereof, for the duration of the Agreement. Upon request, SFDC Brightidea shall also provide a requesting Customer with a report and/or confirmation of SFDCBrightidea's audits of third-third party Sub-Sub- processors’ ' compliance with the data protection controls set forth in this DPA and/or a report of third-third party auditors’ ' audits of third party Sub-processors that have been provided by those third-party Sub- Sub-processors to SFDCBrightidea, to the extent such reports or evidence may be shared with Customer (“Third-party Sub-Sub- processor Audit Reports”). Customer acknowledges that (i) Third-party Sub-processor Audit Reports shall be considered Confidential Information as well as confidential information of the third-party Sub-processor and (ii) certain third-party Sub-processors to SFDC may require Customer to execute a non-disclosure agreement with them in order to view a Third-party Sub- processor Audit Report.and

Third-Party Certifications and Audits. SFDC KBC has obtained the third-party certifications and audits set forth in the Security, Privacy and Architecture Documentation for each applicable Service. Upon Customer’s written request at reasonable intervals, and subject to the confidentiality obligations set forth in the Agreement, SFDC KBC shall make available to Customer (or Customer’s Third-Party Auditor - as defined below in section 6.2.4) information regarding SFDCKBC’s compliance with the obligations set forth in this DPA in the form of a copy of SFDCKBC’s then most recent third-party audits or certifications set forth in the Security, Privacy and Architecture Documentation. Such third-party audits or certifications may also be shared with Customer’s competent supervisory authority on its request. Where SFDC KBC has obtained ISO 27001 certifications and SSAE 18 Service Organization Control (SOC) 2 reports for a particular Service as described in the Documentation, SFDC KBC agrees to maintain these certifications or standards, or appropriate and comparable successors thereof, for the duration of the Agreement. Upon request, SFDC KBC shall also provide a requesting Customer with a report and/or confirmation of SFDCKBC's audits of third-party Sub-processors’ compliance with the data protection controls set forth in this DPA and/or a report of third-party auditors’ audits of third party Sub-processors that have been provided by those third-party Sub- Sub processors to SFDCKBC, to the extent such reports or evidence may be shared with Customer (“Third-party Sub-processor Audit Reports”). Customer acknowledges that (i) Third-party Sub-processor Audit Reports shall be considered Confidential Information as well as confidential information of the third-party Sub-processor and (ii) certain third-party Sub-processors to SFDC KBC may require Customer to execute a non-disclosure agreement with them in order to view a Third-party Sub- Sub processor Audit Report.