Common use of Audit and Inspections Clause in Contracts

Audit and Inspections. Where Customer reasonably considers the information provided under clause 4.8 above is not sufficient to demonstrate Secureworks’ compliance with this DPA, Customer may request reasonable access to Secureworks’ relevant processing activities in order to audit and/or inspect Secureworks’ compliance with this DPA PROVIDED THAT: (a) Customer gives Secureworks reasonable prior written notice of at least thirty (30) days before any audit or inspection (unless a shorter notice period is required by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (b) audits or inspections may not be carried out more frequently than once in any twelve month period (unless required more frequently by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (c) Customer submits to Secureworks a detailed audit plan at least two weeks in advance of the proposed audit date describing the proposed scope, duration and start date of the audit. Secureworks shall review the audit plan and provide Customer with any material concerns or questions without undue delay. The parties will then reasonably cooperate to agree a final audit plan (d) Secureworks may restrict access to information in order to avoid compromising a continuing investigation, violating law or violating confidentiality obligations to third parties. Any access to sensitive or restricted facilities by Customer is strictly prohibited due to regulatory restrictions on access to other customers’ data, although Customer and/or its auditor shall be entitled to observe the security operations center via a viewing window). Customer shall not (and must ensure that its auditor shall not) allow any sensitive documents and/or details regarding Secureworks’ policies, controls and/or procedures to leave the Secureworks location at which the audit or inspection is taking place (whether in electronic or physical form) (e) Customer carries out the audit or inspection during normal business hours and without creating a business interruption to Secureworks (f) the audit or inspection is carried out in compliance with Secureworks’ relevant on site policies and procedures (g) where the audit is carried out by a third party on behalf of the Customer, such third party is bound by similar obligations to those set out in Section 8 of the MSA (Confidentiality) and is not a direct competitor of Secureworks. Secureworks reserves the right to require any such third party to execute a confidentiality agreement directly with Secureworks prior to the commencement of an audit or inspection, and (h) except where the audit or inspection discloses a failure on the part of Secureworks to comply with its material obligations under this DPA, Customer shall pay all reasonable costs and expenses (including without limitation any charges for the time engaged by Secureworks, its personnel and professional advisers) incurred by Secureworks in complying with this clause. Customer shall provide to Secureworks a copy of any audit reports generated in connection with an audit carried out under this clause, unless prohibited by applicable law. Customer may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this DPA. The audit reports shall be Confidential Information of the parties.

Audit and Inspections. Where Customer reasonably considers the information provided under clause 4.8 above is not sufficient to demonstrate Secureworks’ compliance with this DPA, Customer may request reasonable access to Secureworks’ relevant processing activities in order to audit and/or inspect Secureworks’ compliance with this DPA PROVIDED THAT: (a) Customer gives Secureworks reasonable prior written notice of at least thirty (30) days before any audit or inspection (unless a shorter notice period is required by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (b) audits or inspections may not be carried out more frequently than once in any twelve month period (unless required more frequently by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (c) Customer submits to Secureworks a detailed audit plan at least two weeks in advance of the proposed audit date describing the proposed scope, duration and start date of the audit. Secureworks shall review the audit plan and provide Customer with any material concerns or questions without undue delay. The parties will then reasonably cooperate to agree a final audit plan (d) Secureworks may restrict access to information in order to avoid compromising a continuing investigation, violating law or violating confidentiality obligations to third parties. Any access to sensitive or restricted facilities by Customer is strictly prohibited due to regulatory restrictions on access to other customers’ data, although Customer and/or its auditor shall be entitled to observe the security operations center via a viewing window). Customer shall not (and must ensure that its auditor shall not) allow any sensitive documents and/or details regarding Secureworks’ policies, controls and/or procedures to leave the Secureworks location at which the audit or inspection is taking place (whether in electronic or physical form) (e) Customer carries out the audit or inspection during normal business hours and without creating a business interruption to Secureworks (f) the audit or inspection is carried out in compliance with Secureworks’ relevant on site policies and procedures (g) where the audit is carried out by a third party on behalf of the Customer, such third party is bound by similar obligations to those set out in Section 8 of the MSA (Confidentiality) and is not a direct competitor of Secureworks. Secureworks reserves the right to require any such third party to execute a confidentiality agreement directly with Secureworks prior to the commencement of an audit or inspection, and (h) except where the audit or inspection discloses a failure on the part of Secureworks to comply with its material obligations under this DPA, Customer shall pay all reasonable costs and expenses (including without limitation any charges for the time engaged by Secureworks, its personnel and professional advisers) incurred by Secureworks in complying with this clause. Customer shall provide to Secureworks a copy of any audit reports generated in connection with an audit carried out under this clause, unless prohibited by applicable law. Customer may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this DPA. The audit reports shall be Confidential Information of the parties.

Audit and Inspections. Where Customer reasonably considers the information provided under clause 4.8 above is to not be sufficient to demonstrate Secureworks’ Critical Start’s compliance with this DPA, Customer may request reasonable access to Secureworks’ Critical Start’s relevant processing activities in order to audit and/or inspect Secureworks’ Critical Start’s compliance with this DPA PROVIDED THAT: : (a) Customer gives Secureworks reasonable Critical Start reasonable, prior written notice of at least thirty (30) days before any audit or inspection (unless a shorter notice period is required by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties parties, or in the event of a Data Breach) ; (b) audits or inspections may not be carried out more frequently than once in any twelve (12) month period (unless required more frequently by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties parties, or in the event of a Data Breach) ; (c) Customer submits to Secureworks Critical Start a detailed audit plan at least two (2) weeks in advance of the proposed audit date describing the proposed scope, duration duration, and start date of the audit. Secureworks Critical Start shall review the audit plan and provide Customer with any material concerns or questions without undue delay. The parties will then reasonably cooperate to agree a final audit plan ; (d) Secureworks Critical Start may restrict access to information in order to avoid compromising a continuing investigation, violating law law, or violating confidentiality obligations to third parties. Any access to sensitive or restricted facilities by Customer is strictly prohibited due to regulatory restrictions on access to other customers’ data, although Customer and/or its auditor shall be entitled been titled to observe the security operations center via a viewing window). Customer shall not (and must ensure that its auditor shall not) allow any sensitive documents and/or details regarding Secureworks’ Critical Start’s policies, controls controls, and/or procedures to leave the Secureworks Critical Start’s location at which where the audit or inspection is taking place (whether in electronic or physical form) ; (e) Customer carries out the audit or inspection during normal business hours and without creating a business interruption to Secureworks Critical Start; (f) the audit or inspection is carried out in compliance with Secureworks’ Critical Start’s relevant on on-site policies and procedures (g) where the audit is carried out by a third party on behalf of the Customer, such third party is bound by similar obligations to those set out in Section 8 of the MSA (Confidentiality) and is not a direct competitor of Secureworks. Secureworks reserves the right to require any such third party to execute a confidentiality agreement directly with Secureworks prior to the commencement of an audit or inspection, and (h) except where the audit or inspection discloses a failure on the part of Secureworks to comply with its material obligations under this DPA, Customer shall pay all reasonable costs and expenses (including without limitation any charges for the time engaged by Secureworks, its personnel and professional advisers) incurred by Secureworks in complying with this clause. Customer shall provide to Secureworks a copy of any audit reports generated in connection with an audit carried out under this clause, unless prohibited by applicable law. Customer may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this DPA. The audit reports shall be Confidential Information of the parties.;

Audit and Inspections. Where Customer reasonably considers the information provided under clause 4.8 above is not sufficient to demonstrate Secureworks’ compliance with this DPA, Customer may request reasonable access to Secureworks’ relevant processing activities in order to audit and/or inspect Secureworks’ compliance with this DPA PROVIDED THAT: (a) Customer gives Secureworks reasonable prior written notice of at least thirty (30) days before any audit or inspection (unless a shorter notice period is required by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (b) audits or inspections may not be carried out more frequently than once in any twelve month period (unless required more frequently by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (c) Customer submits to Secureworks a detailed audit plan at least two weeks in advance of the proposed audit date describing the proposed scope, duration and start date of the audit. Secureworks shall review the audit plan and provide Customer with any material concerns or questions without undue delay. The parties will then reasonably cooperate to agree a final audit plan (d) Secureworks may restrict access to information in order to avoid compromising a continuing investigation, violating law or violating confidentiality obligations to third parties. Any access to sensitive or restricted facilities by Customer is strictly prohibited due to regulatory restrictions on access to other customers’ data, data (although Customer and/or its auditor shall be entitled to observe the security operations center via a viewing window). Customer shall not (and must ensure that its auditor shall not) allow any sensitive documents and/or details regarding Secureworks’ policies, controls and/or procedures to leave the Secureworks location at which the audit or inspection is taking place (whether in electronic or physical form) (e) Customer carries out the audit or inspection during normal business hours and without creating a business interruption to Secureworks (f) the audit or inspection is carried out in compliance with Secureworks’ relevant on site policies and procedures (g) where the audit is carried out by a third party on behalf of the Customer, such third party is bound by similar obligations to those set out in Section 8 of the MSA (Confidentiality) and is not a direct competitor of Secureworks. Secureworks reserves the right to require any such third party to execute a confidentiality agreement directly with Secureworks prior to the commencement of an audit or inspection, and (h) except where the audit or inspection discloses a failure on the part of Secureworks to comply with its material obligations under this DPA, Customer shall pay all reasonable costs and expenses (including without limitation any charges for the time engaged by Secureworks, its personnel and professional advisers) incurred by Secureworks in complying with this clause. Customer shall provide to Secureworks a copy of any audit reports generated in connection with an audit carried out under this clause, unless prohibited by applicable law. Customer may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this DPA. The audit reports shall be Confidential Information of the parties.

Audit and Inspections. Where Customer reasonably considers the information provided under clause 4.8 above is not sufficient to demonstrate Secureworks’ compliance with this DPA, Customer may request reasonable access to Secureworks’ relevant processing activities in order to audit and/or inspect Secureworks’ compliance with this DPA PROVIDED THAT: (a) Customer gives Secureworks reasonable prior written notice of at least thirty (30) days before any audit or inspection (unless a shorter notice period is required by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (b) audits or inspections may not be carried out more frequently than once in any twelve twelve-month period (unless required more frequently by Privacy Laws, an order of a supervisory authority, otherwise agreed between the parties or in the event of a Data Breach) (c) Customer submits to Secureworks a detailed audit plan at least two weeks in advance of the proposed audit date describing the proposed scope, duration and start date of the audit. Secureworks shall review the audit plan and provide Customer with any material concerns or questions without undue delay. The parties will then reasonably cooperate to agree a final audit plan (d) Secureworks may restrict access to information in order to avoid compromising a continuing investigation, violating law or violating confidentiality obligations to third parties. Any access to sensitive or restricted facilities by Customer is strictly prohibited due to regulatory restrictions on access to other customers’ data, although Customer and/or its auditor shall be entitled to observe the security operations center via a viewing window). Customer shall not (and must ensure that its auditor shall not) allow any sensitive documents and/or details regarding Secureworks’ policies, controls and/or procedures to leave the Secureworks location at which the audit or inspection is taking place (whether in electronic or physical form) (e) Customer carries out the audit or inspection during normal business hours and without creating a business interruption to Secureworks (f) the audit or inspection is carried out in compliance with Secureworks’ relevant on on-site policies and procedures (g) where the audit is carried out by a third party on behalf of the Customer, such third party is bound by similar obligations to those set out in Section 8 of the MSA (Confidentiality) and is not a direct competitor of Secureworks. Secureworks reserves the right to require any such third party to execute a confidentiality agreement directly with Secureworks prior to the commencement of an audit or inspection, and (h) except where the audit or inspection discloses a failure on the part of Secureworks to comply with its material obligations under this DPA, Customer shall pay all reasonable costs and expenses (including without limitation any charges for the time engaged by Secureworks, its personnel and professional advisers) incurred by Secureworks in complying with this clause. Customer shall provide to Secureworks a copy of any audit reports generated in connection with an audit carried out under this clause, unless prohibited by applicable law. Customer may use the audit reports only for the purposes of meeting its regulatory audit requirements and/or confirming compliance with the requirements of this DPA. The audit reports shall be Confidential Information of the parties.