Common use of 4me Audits Clause in Contracts

4me Audits. i. 4me engages credentialed external auditors to verify the adequacy of its security measures. This audit: (a) will be performed at least annually; (b) will be performed according to industry standards; (c) will be performed by independent third-party security professionals at 4me’s selection and expense; and (d) will result in the generation of an audit report (“Report”), which will be 4me’s Confidential Information. If Customer’s Agreement does not include a provision protecting 4me Confidential Information, then Reports will be made available to Customer subject to a mutually agreed upon non-disclosure agreement covering the Report (an “NDA”). ii. 4me engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with 4me management. 4me’s security team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Services may request to do so and should contact their account representative to obtain permission from both 4me and 4me’s hosting provider. i. 4me’s SaaS platform is compliant with the requirements of SOC 2 Type 2 for information security, availability and privacy, as well as ISO 27001:2013 and ISO 27018:2019. To evaluate and help ensure the continued effectiveness of the security measures, 4me will update the SOC 2 report at least once every 12 months and will undergo yearly surveillance audits and a recertification audit after three years for the ISO certifications. 4me will notify Customer if there is any change in its audit strategy or if a significant finding/deviation during an audit will prevent 4me from continuing the above mentioned compliance strategy and therefore maintaining the mentioned certifications.

4me Audits. i. 4me engages credentialed accredited external auditors to verify the adequacy of its security measuresthe 4me TOMs. This audit: (a) will be performed at least annually; (b) will be performed according to industry standards; (c) will be performed by independent third-party security professionals at 4me’s selection and expense; and (d) will result in the generation of an audit report (“Report”), which will be 4me’s Confidential Information. If Customer’s Agreement agreement with 4me for the Service does not include a provision protecting 4me Confidential Information, then Reports will be made available to Customer subject to a mutually agreed upon non-disclosure agreement covering the Report (an “NDA”). ii. 4me engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with 4me management. 4me’s security team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Services Service may request to do so and should contact their account representative to obtain permission from both 4me and 4me’s hosting provider. i. 4me’s SaaS platform is compliant with the requirements of SOC 2 Type 2 for information security, availability and privacy, as well as ISO 27001:2013 and ISO 27018:2019. To evaluate and help ensure the continued effectiveness of the security measuresTOMs, 4me will update the SOC 2 report at least once every 12 months and will undergo yearly surveillance audits and a recertification audit after three years for the ISO certifications. 4me will notify Customer if there is any change in its audit strategy or if a significant finding/deviation during an audit will prevent 4me from continuing the above above-mentioned compliance strategy and therefore maintaining the mentioned certifications.

4me Audits. i. 4me engages credentialed external auditors to verify the adequacy of its security measures. This audit: (a) will be performed at least annually; (b) will be performed according to industry standards; (c) will be performed by independent third-party security professionals at 4me’s selection and expense; and (d) will result in the generation of an audit report (“Report”), which will be 4me’s Confidential Information. If Customer’s Agreement does not include a provision protecting 4me Confidential Information, then Reports will be made available to Customer subject to a mutually agreed upon non-disclosure agreement covering the Report (an “NDA”). ii. 4me engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with 4me management. 4me’s security team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Services may request to do so and should contact their account representative to obtain permission from both 4me and 4me’s hosting provider. i. 4me’s SaaS platform iii. 4me is compliant with the requirements of SOC 2 Type 2 for information security, availability and privacy, as well as privacy and seeks compliance with the requirements of ISO 27001:2013 and ISO 27018:201927001:2013. To evaluate and help ensure the continued effectiveness of the security measures, 4me will update the SOC 2 report at least once every 12 months to evaluate and will undergo yearly surveillance audits and a recertification audit after three years for help ensure the ISO certifications. 4me will notify Customer if there is any change in its audit strategy or if a significant finding/deviation during an audit will prevent 4me from continuing continued effectiveness of the above mentioned compliance strategy and therefore maintaining the mentioned certificationsSecurity Measures.

4me Audits. i. 4me engages credentialed external auditors to verify the adequacy of its security measures. This audit: (a) will be performed at least annually; (b) will be performed according to industry standards; (c) will be performed by independent third-party security professionals at 4me’s selection and expense; and (d) will result in the generation of an audit report (“Report”), which will be 4me’s Confidential Information. If Customer’s Agreement does not include a provision protecting 4me Confidential Information, then Reports will be made available to Customer subject to a mutually agreed upon non-disclosure agreement covering the Report (an “NDA”). ii. 4me engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with 4me management. 4me’s security team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Services may request to do so and should contact their account representative to obtain permission from both 4me and 4me’s hosting provider. i. 4me’s SaaS platform is compliant with the requirements of SOC 2 Type 2 for information security, availability and privacy, as well as ISO 27001:2013 and ISO 27018:2019. To evaluate and help ensure the continued effectiveness of the security measures, 4me will update the SOC 2 report at least once every 12 months and will undergo yearly surveillance audits and a recertification audit after three years for the ISO certifications. 4me will notify Customer if there is any change in its audit strategy or if a significant finding/deviation during an audit will prevent 4me from continuing the above mentioned compliance strategy and therefore maintaining the mentioned certifications.

4me Audits. i. 4me engages credentialed external auditors to verify the adequacy of its security measures. This audit: (a) will be performed at least annually; (b) will be performed according to industry standards; (c) will be performed by independent third-party security professionals at 4me’s selection and expense; and (d) will result in the generation of an audit report (“Report”), which will be 4me’s Confidential Information. If Customer’s Agreement does not include a provision protecting 4me Confidential Information, then Reports will be made available to Customer subject to a mutually agreed upon non-disclosure agreement covering the Report (an “NDA”). ii. 4me engages independent entities to conduct regular application-level and infrastructure-level penetration tests. Results of these tests are shared with 4me management. 4me’s security team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Services may request to do so and should contact their account representative to obtain permission from both 4me and 4me’s hosting provider. i. 4me’s SaaS platform iii. 4me is compliant with the requirements of SOC 2 Type 2 1 for information security, availability and privacy, as well as ISO 27001:2013 privacy and seeks compliance with the requirements of SOC 2 Type 2 and ISO 27018:201927001:2013. To evaluate and help ensure the continued effectiveness of the security measures, 4me will update the SOC 2 report at least once every 12 months to evaluate and will undergo yearly surveillance audits and a recertification audit after three years for help ensure the ISO certifications. 4me will notify Customer if there is any change in its audit strategy or if a significant finding/deviation during an audit will prevent 4me from continuing continued effectiveness of the above mentioned compliance strategy and therefore maintaining the mentioned certificationsSecurity Measures.