Audit Obligations Sample Clauses

Audit Obligations. Each party (the “Audited Party”) agrees to permit the other (the “Auditing Party”), using a mutually-acceptable third party auditor, to audit its compliance with this Article V during regular business hours upon reasonable notice to the Audited Party. The Audited Party shall provide to the Auditing Party’s auditor copies of audits and system test results acquired by the Audited Party in relation to the data security policies and procedures designed to meet the requirements set forth above. Any audit performed hereunder shall be at the cost of the Auditing Party.
Sample 1Sample 2Sample 3See All (8)
AutoNDA by SimpleDocs
Audit Obligations. (1) Company shall be entitled, prior to the commencement of the processing of data and at regular intervals thereafter, to audit the technical and organizational measures implemented by Supplier and shall document the result of such audit. In the course of such audit, Company may, in particular, conduct the following measures, but shall not be limited to the same: ▪ Company may obtain information from Supplier. ▪ Company may request Supplier to submit to Company an existing attestation or certificate by an independent professional expert. ▪ Company may, upon reasonable and timely advance agreement, during regular business hours and without interrupting Supplier’s business operations, conduct an on-site inspection of Supplier’s business operations or have the same conducted by a qualified third party which shall not be a competitor of Supplier. (2) Supplier shall, make available to Company all information necessary to demonstrate compliance with the obligations laid down in Art. 28 GDPR and this Data Processing Agreement and allow for and contribute to audits, including inspections, conducted by Company or another auditor mandated by Company. (3) The Supplier shall immediately inform Company if, in its opinion, an instruction by Company infringes applicable data privacy law.
Sample 1Sample 2
Audit Obligations. (1) Supplier shall document and, upon request, prove to Company (at Company's expense) Supplier’s compliance with the obligations agreed upon in this DPA by appropriate methods, provided that Company shall not issue such a request more than once per year. Company and Supplier agree that documentation and proof can be submitted through the production of the following documentation and/or certifications: - conducting an self-audit - internal compliance regulations including external proof of compliance with these regulations - certifications on data protection and/or information security (e.g. ISO 27001) - codes of conduct approved in accordance with Article 40 of the GDPR - certifications in accordance with Article 42 of the GDPR. (2) To the extent (i) that Company can prove that the information provided by Supplier according to Section 6.1 is not sufficient to enable Company to carry out data protection impact assessments as required by law, and (ii) that Supplier is required under GDPR, Company may (at its own expense), upon reasonable and timely advance notice, during regular business hours, without interrupting Supplier’s business operations, and not more than once a year, conduct an on-site inspection of Supplier’s DPA-relevant business operations or have the same conducted by a qualified third party which shall not be a competitor of Supplier. Supplier may request that such on-site inspections are subject to (i) Company’s prior written confirmation to bear all of Supplier’s costs related to such on-site inspections, and (ii) the execution of a confidentiality statement, protecting the data of other customers of Supplier and the confidentiality of the technical and organizational measures and safeguards implemented by Supplier.
Sample 1Sample 2
Audit Obligations. Controller shall, prior to the commencement of Processing, and at regular intervals thereafter, audit the technical and organisational measures taken by Processor, and shall document the resulting findings. For such purpose, Controller may, e.g., • obtain information from the Processor: • request Processor to submit to Controller an existing attestation or certificate by an independent professional expert; or • upon reasonable and timely advance agreement, during regular business hours and without interrupting Processor’s business operations, conduct an on-site inspection of Processor’s business operations or have the same conducted by a qualified third party which shall not be a competitor of Processor (as determined by the Processor). Processor shall, upon Controller’s written request and within a reasonable period of time, provide Controller with all information necessary for such audit.
Sample 1
Audit Obligations. 7.1. Provider shall, prior to the commencement of Processing, and in regular intervals thereafter, audit the technical and organizational measures taken by SAP, and shall document the resulting findings. 7.2. For such purpose, Provider may a. collect voluntary disclosures from SAP; b. have an expert provide a testimonial or expert’s opinion: or c. as far as the options in a. and b. still do not eliminate probable cause (begründeter Verdacht) that the Processing of Personal Data by SAP is not done in conformance with the stipulations of this agreement, Provider may after prior notice (at least 3 weeks in advance) and during regular business hours, without disrupting SAP’s business operations, personally audit SAP. 7.3. SAP shall, upon Provider’s written request and within a reasonable period of time, provide Provider with all information necessary for such audit.
Sample 1
Audit Obligations. 11.1. Within one hundred twenty (120) days after the end of CCNMS fiscal year, for each fiscal year in which payments are to be made by CCS to CCNMS pursuant to this Agreement, CCNMS may retain an independent audit firm to audit the records of CCS and to prepare a report to be delivered to both parties simultaneously, which report shall set forth the amounts paid and/or due but not paid by CCS and to CCNMS pursuant to this Agreement during the fiscal year. Subject to paragraph 11.2 below, CCNMS shall pay for its own audit and the preparation of the report on its own records. 11.2. In the event an audit reveals that additional amounts are owed by CCS to CCNMS, the audit report shall specify the amount owed. Within ten ( 10) days after receipt of the report, CCS shall pay such amounts to CCNMS together with interest from the date the audit report disclosing the underpayment is delivered at the rate of eight percent (8%) per annum, together with the reasonable costs of CCNMS for the audit. If such additional amounts owed by CCS to CCNMS for such period are in excess of ten percent (10%) of all amounts owed by CCS to CCNMS as determined by the audit for such period, then CCS shall also reimburse CCNMS for the reasonable cost of the audit. 12.
Sample 1
Audit Obligations. During the Term, on an annual basis, ThoughtFarmer will engage a certified professional accounting firm to perform an annual audit of ThoughtFarmer’s data protection features and provide a SOC 2 Type I or SOC 2 Type II report, pursuant to the standards of American Institute of CPAs (“AICPA”), to Customer following receipt from the accounting firm. If AICPA revises its relevant reporting standards, ThoughtFarmer shall obtain and make available the report that then most closely resembles a SOC 2 report.
Sample 1
AutoNDA by SimpleDocs
Audit Obligations. 7.1 The Subscriber can, prior to the commencement of the processing of data and at regular intervals thereafter, audit the technical and organisational measures implemented by Honeywell Homes and shall document the result of such audit. 7.2 Insofar as the Service is supplied as a white label product to Honeywell Homes by a third party service provider, Honeywell Homes shall arrange for audits of the respective data processing and protection practices to confirm compliance with this data processing agreement by reputable third party auditors and provide the Subscriber with a report summary and additional information on request. 7.3 Subscriber shall have the right to conduct an audit of Honeywell Homes’s compliance with its obligations under this data processing agreement. Certain information about the security standards of Honeywell Homes and Honeywell Homes´s service providers and practices are sensitive confidential information which will not be disclosed by Honeywell Homes. Upon request, Xxxxxxxxx Homes agrees to respond, no more than once per year, to a reasonable information security questionnaire concerning security practices specific to the Services provided hereunder.
Sample 1
Audit Obligations. (a) Subject to clause 10.2, TfNSW may at any time, by Instruction from TfNSW to the Operator, require the Operator at its own cost and risk to appoint an auditor who is independent of the Operator (“Independent Auditor”) to carry out an audit in relation to Services of the Operator for the purpose of assessing: (1) the Operator’s safety management system; (2) the Operator’s compliance with its safety management system; and (3) the Operator’s compliance with the terms and conditions of this Agreement. (b) For the avoidance of doubt, the audit referred to in clause 10.1 (a) will include assessment of: (1) whether any one or more of the individual wagons used by the Operator in the provision of a Service is loaded in excess of its rated carrying capacity; or (2) whether any one or more of the individual wagons used by the Operator in the provision of the Service is loaded in an unsafe or potentially unsafe manner. (c) The Operator will provide TfNSW promptly with a copy of the audit findings of any audit carried out pursuant to clause 10.1(a).
Sample 1
Audit Obligations. The Data Controller may, prior to the commencement of Processing, and in regular intervals thereafter, audit the technical and organizational measures taken by the Data Processor, and will document the resulting findings. For such purpose, the Data Controller will collect voluntary disclosures from the Data Processor. The Data Controller will: (i) ensure that any information request, audit or inspection is undertaken within normal business hours (unless such other time is mandated by a competent data protection regulator) with minimal disruption to Data Processor’s and/or its Sub-Processors’ businesses, and acknowledging that such information request, audit or inspection: (a) will not oblige Data Processor to provide or permit access to information concerning Data Processor’s internal business information or relating to other recipients of services from the Data Processor; and (b) shall be subject to any reasonable policies, procedures or instructions of Data Processor or its Sub-Processors for the purposes of preserving security and confidentiality; and (ii) provide Data Processor at least 30 days’ prior written notice of an information request and/or audit or inspection (unless the competent data protection regulator provides Data Controller with less than 30 days’ notice, in which case Data Controller shall provide Data Processor with as much notice as possible). If any information request, audit or inspection relates to systems provided by or on the premises of Data Processor’s Sub-Processors, the scope of such information request, audit and/or inspection will be as permitted under the relevant agreement in place between Data Processor and the Sub-Processor. A maximum of one information request, audit and/or inspection may be requested by Data Controller in any twelve (12) month period unless an additional information request, audit and/or inspection is mandated by a competent data protection regulator in writing. The Data Processor will cooperate with the Controller in the sense of Art. 28 III h GDPR in the facilitation of any audit or inspection or other work undertaken pursuant to Data Processor’s obligations under this Agreement.
Sample 1
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!