Common use of Third Party Reports Clause in Contracts

Third Party Reports. (a) In the event that RIB obtains any third-party assessment of the design and/or effectiveness of its information security management program (such as, without limitation, a SOC 2 report prepared by a Certified Public Accountant) or achieves any third- party certification of its information security management program (such as, without limitation, certification under ISO 27001), RIB promptly thereupon shall deliver to Customer a copy of such assessment report or certificate or, at RIB’s election, notify Customer thereof and permit Customer or, subject to the execution of a confidentiality and security agreement reasonably acceptable to RIB, Customer’s designee to review the same at RIB’s offices or via a secure online collaboration session). (b) Any such report delivered pursuant to this section will be deemed the Confidential Information of RIB. (c) If any such report includes any findings that RIB materially fails to comply with the applicable standards or includes any material test exceptions, RIB shall use reasonable efforts to remedy such noncompliance promptly. If RIB fails to deliver to Customer evidence of such remedy reasonably satisfactory to Customer within 45 days following such report, or if RIB fails to provide any report or certificate when required pursuant to this paragraph, then any provision of this Agreement to the contrary notwithstanding, Customer may terminate this Agreement without penalty upon written notice to RIB given any time thereafter until such evidence or such report or certificate (as the case may be) is so delivered.

Third Party Reports. (a) a. In the event that RIB obtains any third-party assessment of the design and/or effectiveness of its information security management program (such as, without limitation, a SOC 2 report prepared by a Certified Public Accountant) or achieves any third- third-party certification of its information security management program (such as, without limitation, certification under ISO 27001), RIB promptly thereupon shall deliver to Customer a copy of such assessment report or certificate or, at RIB’s election, notify Customer thereof and permit Customer or, subject to the execution of a confidentiality and security agreement reasonably acceptable to RIB, Customer’s designee to review the same at RIB’s offices or via a secure online collaboration session). (b) b. Any such report delivered pursuant to this section will be deemed the Confidential Information of RIB. (c) c. If any such report includes any findings that RIB materially fails to comply with the applicable standards or includes any material test exceptions, RIB shall use reasonable efforts to remedy such noncompliance promptly. If RIB fails to deliver to Customer evidence of such remedy reasonably satisfactory to Customer within 45 days following such report, or if RIB fails to provide any report or certificate when required pursuant to this paragraph, then any provision of this Agreement to the contrary notwithstanding, Customer may terminate this Agreement without penalty upon written notice to RIB given any time thereafter until such evidence or such report or certificate (as the case may be) is so delivered.