Audit Requests. Subject to Section 7(c), upon Customer’s written request, Bugcrowd will provide Customer with the most recent summary audit report(s) concerning the compliance and undertakings in this Agreement. Xxxxxxxx's policy is to share methodology, and executive summary information, not raw data or private information. Bugcrowd will reasonably cooperate with Customer by providing available additional information to help Customer better understand such compliance and undertakings. To the extent it is not possible to otherwise satisfy an audit obligation mandated by applicable Data Protection Laws and Regulations and subject to Section 7(c), only the legally mandated entity (such as a governmental regulatory agency having oversight of Customer’s operations) may conduct an onsite visit of the facilities used to provide the Services. Unless mandated by Data Protection Laws and Regulations, no audits are allowed within a data center for security and compliance reasons. After conducting an audit under this Section 7 or after receiving an Bugcrowd report under this Section 7, Customer must notify Bugcrowd of the specific manner, if any, in which Bugcrowd does not comply with any of the security, confidentiality, or data protection obligations in this DPA, if applicable. Any such information will be deemed Confidential Information of Bugcrowd.
Appears in 2 contracts
Audit Requests. Subject to Section 7(c), upon Customer’s written request, Bugcrowd will provide Customer with the most recent summary audit report(s) concerning the compliance and undertakings in this Agreement. XxxxxxxxBugcrowd's policy is to share methodology, and executive summary information, not raw data or private information. Bugcrowd will reasonably cooperate with Customer by providing available additional information to help Customer better understand such compliance and undertakings. To the extent it is not possible to otherwise satisfy an audit obligation mandated by applicable Data Protection Laws and Regulations and subject to Section 7(c), only the legally mandated entity (such as a governmental regulatory agency having oversight of Customer’s operations) may conduct an onsite visit of the facilities used to provide the Services. Unless mandated by Data Protection Laws and Regulations, no audits are allowed within a data center for security and compliance reasons. After conducting an audit under this Section 7 or after receiving an Bugcrowd report under this Section 7, Customer must notify Bugcrowd of the specific manner, if any, in which Bugcrowd does not comply with any of the security, confidentiality, or data protection obligations in this DPA, if applicable. Any such information will be deemed Confidential Information of Bugcrowd.
Appears in 2 contracts
