Audits and compliance Sample Clauses

Audits and compliance. (a) The Supplier must audit its compliance with its Security Program and security obligations under this Agreement in accordance with any timeframes specified in the Order Documents and, where no such timeframes are specified, on an annual basis. (b) The Supplier must provide the Customer, at the Customer's request, with electronic copies of: (i) any security certifications required by this clause 21 and a copy of each renewal of these certifications; (ii) a description of the Supplier's information security management system and cyber security management system; (iii) all reports relating to: A. any external or internal audits of the Supplier's security systems (to be provided for the most recent period available), including follow-up reports on audit action items; and B. where applicable, the integrity of any data backups required to be undertaken as part of the Supplier's Activities; (iv) evidence that a vulnerability and security management process is in place within its organisation that includes ongoing and routine vulnerability scanning, patching and coverage verification, with a frequency commensurate with any applicable security requirements specified in the Order Form, or where no requirements are specified, Best Industry Practice. This can include copies of relevant policies, scan results, vulnerability reports, registers of vulnerabilities and patch reports; (v) evidence that (if applicable) penetration and security testing (including any Acceptance Tests set out in the Order Form) are carried out: A. prior to, and directly after, new systems are moved into production or in the event of a significant change to the configuration of any existing system; or B. at such other times specified in the Order Form; and (vi) evidence that high and extreme Inherent Risks identified in audits, vulnerability scans and tests have been remediated, which must contain (at a minimum) full and complete details of information and reports insofar as they relate to the Supplier's Activities. Where the Supplier is not permitted to provide the Customer with any of the foregoing (due to confidentiality obligations to third parties or because to do so would cause the Supplier to breach any Law or relevant security certification that the Supplier is subject to), the Supplier may (acting reasonably) redact those components that it is not permitted to provide to the Customer but only to the fullest extent needed to prevent the Supplier's non- compliance. (c) Without limitin...

Audits and compliance. Within three months of becoming a Member, Supplier Members are expected to undertake self- assessments of their compliance with their labour issues, health and safety policies and records, business ethics and environmental considerations, against the Standards, and to upload and publish such Data using the Sedex Account Data Forms in order to create and maintain up to date Data for their Sedex Accounts.

Audits and compliance. 5.1 Members choose which AAC to use to carry out their virtual assessments, from an AAC duly approved by Sedex to perform Virtual Assessments. Members engage directly with the AAC and pay the AAC for the virtual assessment work. As part of its engagement with the Member, the AAC must obtain confirmation in writing (which can be email) that it permits the AAC to upload and share the report on the Information Exchange. 5.2 All Virtual Assessment carried out by AACs for a Member must be uploaded to the relevant Sedex account for that Member/Site. 5.3 The Member decides which other Members will have permission to view the reports on the Information Exchange, from time to time. 5.4 Other Members may contact the AAC with queries on reports produced by and uploaded on the Information Exchange by them and the AAC shall use reasonable endeavours to answer all such queries within a reasonable period of time and in a reasonably helpful manner. 5.5 AACs undertake not to remove any Virtual Assessment reports from the Information Exchange unless they post a notice on the relevant area of the Information Exchange stating that a Virtual Assessment report has been removed and where a copy of such Virtual Assessment report can be obtained or reviewed. 5.6 Virtual Assessments can be used for initial audits, periodic audits and follow-up audits, but cannot be used for unplanned audits, due to the collaboration required between the AAC and Site of Employment concerned, during the planning stage and assessment of suitability of a Site, for conducting a Virtual Assessment. 5.7 AACs will not issue a certification of conformity in relation to the Sedex Virtual Assessment scheme, or any document that could reasonably be considered to be a Virtual Assessment certificate, as Virtual Assessment is not a certification scheme. 5.8 AACs shall use their best endeavours to reduce the cost burden of ethical labour audits on the supply chain, by minimising the duplication of Virtual Assessments.

Audits and compliance. The state may conduct periodic audits to ensure ISPs and EVCPs are adhering to best practices in patch management. Non-compliance with patch management guidelines can lead to further actions as deemed appropriate by the state. Supply Chain Risk Management

Audits and compliance. AKP and/or AKPB or its authorized representatives shall have the right, at its cost, with reasonable advance notice (no less than sixty (60) days prior written notice of its intent to audit) and agreed upon audit plan/scope, during regular business hours, to: Audit the facilities used by CMS in performance of this Agreement Review and audit any documentation and other electronic and non-electronic systems and business processes relating to CMS’s activities under this Agreement. AKP and/or AKPB shall have the right to monitor the conduct of CMS’s activities under this Agreement and review compliance with the terms of this Agreement. In case of concerns related to non-compliance with this Agreement, the Parties will jointly discuss and collaborate on clarifying and resolving the issues causing non-compliance. Every effort will be made by the non-compliant Party to solve the non-compliance issues and inform AKP through AKPB of their remedial actions.

Audits and compliance. (1) The Service Provider must, at its own cost, audit its compliance with its Security Policy and security obligations under this CSA on at least an annual basis. (2) On request by the PHN, the Service Provider must provide to the PHN with copies of all reports relating to any external or internal audits of the Service Provider’s security systems (to be provided for the most recent period available), including follow-up reports on audit action items. (3) At the PHN’s request, the Service Provider must implement any audit findings or recommendations arising from an audit conducted under clause 19.4(1) and reasonably demonstrate to the PHN the implementation of such findings and recommendations.

Audits and compliance. 17.1. Upon reasonable notice to SUPPLIER, SUPPLIER shall permit COMPANY or its appointed representatives (hereinafter “Auditors”) to conduct audits of all documents, processes, procedures, materials, supplies, equipment, packaging and facilities of SUPPLIER (or any third party engaged by SUPPLIER) applicable to PRODUCT for the purposes described herein (hereinafter an “Audit”). X 17.2. COMPANY or its Auditors may have access to SUPPLIER for routine compliance audit purposes once a year. Such Audits shall be conducted with reasonable notice during regular business hours. X 17.3. In addition to the compliance audits, COMPANY and its Auditors shall be entitled to conduct “For Cause” investigative Audits, to address significant PRODUCT quality or safety problems. For Cause Audits shall relate to significant operational concerns at SUPPLIER (or applicable third party), and may include but are not limited to lot rejection by COMPANY, unresolved OOS investigations, Warning Letter or any deficiency letter issued by a HEALTH AUTHORITY, as they pertain to systems or observations associated with the testing of PRODUCT. Such inspections or Audits, to the extent reasonably practical, shall be conducted in a manner that shall not materially interrupt or impair any significant operations at SUPPLIER (or applicable third party). X Quality & Manufacturing Master Service Agreement Revision#: A Page 23 of 28 17.4. If requested, an exit meeting shall be held between representatives from SUPPLIER and COMPANY and/or its Auditors to discuss Audit nonconformances. X X 17.5. COMPANY shall provide a written report of all Audit nonconformances to SUPPLIER within thirty (30) calendar days. COMPANY shall communicate all expected nonconformances to SUPPLIER at the conclusion of the audit. X 17.6. SUPPLIER (or applicable third party) shall correct all noted deficiencies as soon as practicable, and shall provide COMPANY with a written Corrective Action Plan to Audit observations within fifteen (15) calendar days of receipt of Audit report. X 17.7. If, within forty (40) business days after receiving an Audit report, SUPPLIER (or applicable third party) cannot remedy an Audit nonconformance the PARTIES shall use good faith efforts to agree upon a reasonable written plan and timetable for such remedy. X X 18. Inspections by HEALTH AUTHORITIES 18.1. SUPPLIER shall inform COMPANY with as much advance notice as possible, but at least within two (2) Business Days of notification, of any regulat...

Audits and compliance. ‌ (a) The Supplier must audit its compliance with its Security Program and security obligations under this Agreement in accordance with any timeframes specified in the Order Documents and, where no such timeframes are specified, on an annual basis.‌ (b) The Supplier must provide the Customer, at the Customer's request, with electronic copies of: ( ) any security certifications required by this clause 21 and a copy of each renewal of these certifications; (i) a description of the Supplier's information security management system and cyber security management system; (ii) all reports relating to: A. any external or internal audits of the Supplier's security systems (to be provided for the most recent period available), including follow-up reports on audit action items; and B. where applicable, the integrity of any data backups required to be undertaken as part of the Supplier's Activities; (iii) evidence that a vulnerability and security management process is in place within its organisation that includes ongoing and routine vulnerability scanning, patching and coverage verification, with a frequency commensurate with any applicable security requirements specified in the Order Form, or where no requirements are specified, Best Industry Practice. This can include copies of relevant policies, scan results, vulnerability reports, registers of vulnerabilities and patch reports; (iv) evidence that (if applicable) penetration and security testing (including any Acceptance Tests set out in the Order Form) are carried out: DocuSign Envelope ID: CE00C711-48E9-422C-B3A2-E85974D8689A

Audits and compliance. (a) The Supplier must audit its compliance with its Security Program and security obligations under this Agreement in accordance with any timeframes specified in the Order Documents and, where no such timeframes are specified, on an annual basis. (b) Once in each 12-month period during the Term, the Supplier must, at its sole cost and expense, engage a duly qualified independent auditor to conduct a review of the design and operating effectiveness of the Supplier’s defined control objectives and control activities in connection with the Cloud Services (excluding Support). The Supplier must ensure that such auditor prepares a SOC I Type 2 report for all Cloud Services and, for multi -tenant Cloud Services only, a SOC II Type 2 report (collectively, the “Audit Report”). The Audit Report is the Supplier’s Confidential Information, but must be made available to the Customer on the Supplier’s support portal. The Customer may share a copy of such Audit Report with its auditors and regulators, provided that the auditors and regulators are informed that such Audit Report is the Supplier’s Confidential Information and must be protected accordingly. (c) In addition, the Supplier must annually, at its sole cost and expense, engage a duly qualified independent auditor to conduct a review of its information security in connection with the Cloud Services, as well as the Support Services provided to the Customer for both Software and the Cloud Services, in each case under the International Organization for Standardization (ISO) 27001 standard. The Supplier must ensure that such auditor prepares a report in accordance with such standard. The Supplier must ensure that the Customer may obtain a copy of the resulting certificate from the Supplier’s cloud security site (xxxxx.xxxxx.xxx) at any time. The certificate will identify the Software subject to the report. As part of this ISO 27001 certification, the Supplier must maintain an Information Security Management System manual for the Software included in the certification, and the related Support Services, which must ensure the protection, confidentiality, integrity and availability of the Supplier’s assets used to provide such Software and Services. The Supplier must make available all additional third party certifications at xxxxx.xxxxx.xxx. (d) Without limiting clause 11.3(a)(ii), the Supplier must run initial and annual mandatory security awareness training for all of the Supplier’s employees involved in carrying out t...

Audits and compliance. The Service Provider shall carry out monthly, internal audits in order to monitor compliance with the conditions of the Waste Management Licence, the Site Management Plan and these Specifications. The weighbridge and laboratory shall be included.