Audits and compliance. (a) The Supplier must audit its compliance with its Security Program and security obligations under this Agreement in accordance with any timeframes specified in the Order Documents and, where no such timeframes are specified, on an annual basis.
(b) The Supplier must provide the Customer, at the Customer's request, with electronic copies of:
(i) any security certifications required by this clause 21 and a copy of each renewal of these certifications;
(ii) a description of the Supplier's information security management system and cyber security management system;
(iii) all reports relating to:
A. any external or internal audits of the Supplier's security systems (to be provided for the most recent period available), including follow-up reports on audit action items; and
B. where applicable, the integrity of any data backups required to be undertaken as part of the Supplier's Activities;
(iv) evidence that a vulnerability and security management process is in place within its organisation that includes ongoing and routine vulnerability scanning, patching and coverage verification, with a frequency commensurate with any applicable security requirements specified in the Order Form, or where no requirements are specified, Best Industry Practice. This can include copies of relevant policies, scan results, vulnerability reports, registers of vulnerabilities and patch reports;
(v) evidence that (if applicable) penetration and security testing (including any Acceptance Tests set out in the Order Form) are carried out:
A. prior to, and directly after, new systems are moved into production or in the event of a significant change to the configuration of any existing system; or
B. at such other times specified in the Order Form; and
(vi) evidence that high and extreme Inherent Risks identified in audits, vulnerability scans and tests have been remediated, which must contain (at a minimum) full and complete details of information and reports insofar as they relate to the Supplier's Activities. Where the Supplier is not permitted to provide the Customer with any of the foregoing (due to confidentiality obligations to third parties or because to do so would cause the Supplier to breach any Law or relevant security certification that the Supplier is subject to), the Supplier may (acting reasonably) redact those components that it is not permitted to provide to the Customer but only to the fullest extent needed to prevent the Supplier's non-compliance.
(c) Without limitin...
Audits and compliance. Within three months of becoming a Member, Supplier Members are expected to undertake self-assessments of their compliance with their labour issues, health and safety policies and records, business ethics and environmental considerations, against the Standards, and to upload and publish such Data using the Sedex Account Data Forms in order to create and maintain up to date Data for their Sedex Accounts.
Audits and compliance. 5.1 Members choose which AAC to use to carry out their virtual assessments, from an AAC duly approved by Sedex to perform Virtual Assessments. Members engage directly with the AAC and pay the AAC for the virtual assessment work. As part of its engagement with the Member, the AAC must obtain confirmation in writing (which can be email) that it permits the AAC to upload and share the report on the Information Exchange.
5.2 All Virtual Assessments carried out by AACs for a Member must be uploaded to the relevant Sedex account for that Member/Site.
5.3 The Member decides which other Members will have permission to view the reports on the Information Exchange, from time to time.
5.4 Other Members may contact the AAC with queries on reports produced by and uploaded on the Information Exchange by them and the AAC shall use reasonable endeavours to answer all such queries within a reasonable period of time and in a reasonably helpful manner.
5.5 AACs undertake not to remove any Virtual Assessment reports from the Information Exchange unless they post a notice on the relevant area of the Information Exchange stating that a Virtual Assessment report has been removed and where a copy of such Virtual Assessment report can be obtained or reviewed.
5.6 Virtual Assessments can be used for initial audits, periodic audits and follow-up audits, but cannot be used for unplanned audits, due to the collaboration required between the AAC and Site of Employment concerned, during the planning stage and assessment of suitability of a Site, for conducting a Virtual Assessment.
5.7 AACs will not issue a certification of conformity in relation to the Sedex Virtual Assessment scheme, or any document that could reasonably be considered to be a Virtual Assessment certificate, as Virtual Assessment is not a certification scheme.
5.8 AACs shall use their best endeavours to reduce the cost burden of ethical labour audits on the supply chain, by minimising the duplication of Virtual Assessments.
Audits and compliance. AKP and/or AKPB or its authorized representatives shall have the right, at its cost, with reasonable advance notice (no less than sixty (60) days prior written notice of its intent to audit) and agreed upon audit plan/scope, during regular business hours, to:
Audit the facilities used by CMS in performance of this Agreement
Review and audit any documentation and other electronic and non-electronic systems and business processes relating to CMS’s activities under this Agreement.
AKP and/or AKPB shall have the right to monitor the conduct of CMS’s activities under this Agreement and review compliance with the terms of this Agreement. In case of concerns related to non-compliance with this Agreement, the Parties will jointly discuss and collaborate on clarifying and resolving the issues causing non-compliance. Every effort will be made by the non-compliant Party to solve the non-compliance issues and inform AKP through AKPB of their remedial actions.
Audits and compliance.
(a) The Supplier must audit its compliance with its Security Program and security obligations under this Agreement in accordance with any timeframes specified in the Order Documents and, where no such timeframes are specified, on an annual basis.
(b) The Supplier must provide the Customer, at the Customer's request, with electronic copies of:
( ) any security certifications required by this clause 21 and a copy of each renewal of these certifications;
(i) a description of the Supplier's information security management system and cyber security management system;
(ii) all reports relating to:
A. any external or internal audits of the Supplier's security systems (to be provided for the most recent period available), including follow-up reports on audit action items; and
B. where applicable, the integrity of any data backups required to be undertaken as part of the Supplier's Activities;
(iii) evidence that a vulnerability and security management process is in place within its organisation that includes ongoing and routine vulnerability scanning, patching and coverage verification, with a frequency commensurate with any applicable security requirements specified in the Order Form, or where no requirements are specified, Best Industry Practice. This can include copies of relevant policies, scan results, vulnerability reports, registers of vulnerabilities and patch reports;
(iv) evidence that (if applicable) penetration and security testing (including any Acceptance Tests set out in the Order Form) are carried out:
Audits and compliance. The Service Provider shall carry out monthly, internal audits in order to monitor compliance with the conditions of the Waste Management Licence, the Site Management Plan and these Specifications. The weighbridge and laboratory shall be included.
Audits and compliance. Upon reasonable notice to SUPPLIER, SUPPLIER shall permit COMPANY or its appointed representatives (hereinafter “Auditors”) to conduct audits of all documents, processes, procedures and facilities of SUPPLIER applicable to PRODUCT for the purposes described herein (hereinafter an “Audit”).
Audits and compliance. 17.1. Upon reasonable notice to SUPPLIER, SUPPLIER shall permit COMPANY or its appointed representatives (hereinafter “Auditors”) to conduct audits of all documents, processes, procedures, materials, supplies, equipment, packaging and facilities of SUPPLIER (or any third party engaged by SUPPLIER) applicable to PRODUCT for the purposes described herein (hereinafter an “Audit”).
17.2. COMPANY or its Auditors may have access to SUPPLIER for routine compliance audit purposes once a year. Such Audits shall be conducted with reasonable notice during regular business hours.
17.3. In addition to the compliance audits, COMPANY and its Auditors shall be entitled to conduct “For Cause” investigative Audits, to address significant PRODUCT quality or safety problems. For Cause Audits shall relate to significant operational concerns at SUPPLIER (or applicable third party), and may include but are not limited to lot rejection by COMPANY, unresolved OOS investigations, Warning Letter or any deficiency letter issued by a HEALTH AUTHORITY, as they pertain to systems or observations associated with the testing of PRODUCT. Such inspections or Audits, to the extent reasonably practical, shall be conducted in a manner that shall not materially interrupt or impair any significant operations at SUPPLIER (or applicable third party).
17.4. If requested, an exit meeting shall be held between representatives from SUPPLIER and COMPANY and/or its Auditors to discuss Audit nonconformances.
17.5. COMPANY shall provide a written report of all Audit nonconformances to SUPPLIER within thirty (30) calendar days. COMPANY shall communicate all expected nonconformances to SUPPLIER at the conclusion of the audit.
17.6. SUPPLIER (or applicable third party) shall correct all noted deficiencies as soon as practicable, and shall provide COMPANY with a written Corrective Action Plan to Audit observations within fifteen (15) calendar days of receipt of Audit report.
17.7. If, within forty (40) business days after receiving an Audit report, SUPPLIER (or applicable third party) cannot remedy an Audit nonconformance the PARTIES shall use good faith efforts to agree upon a reasonable written plan and timetable for such remedy.
18. Inspections by HEALTH AUTHORITIES
18.1. SUPPLIER shall inform COMPANY with as much advance notice as possible, but at least within two (2) Business Days of notification, of any regulat...
Audits and compliance. 11.1. Upon reasonable request of the Customer, IRONTREE INTERNET SERVICES agrees to make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this Addendum and the Data Protection Legislation and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer subject to clause 11.2.
11.2. The Customer shall give IRONTREE INTERNET SERVICES reasonable prior notice of any information request, audit or inspection and ensure that such audit or inspection is undertaken during normal business hours for IRONTREE INTERNET SERVICES and with minimal disruption to IRONTREE INTERNET SERVICES. The Customer shall ensure that all information obtained or generated by the Customer pursuant to clause 11.1 is kept strictly confidential (save for disclosure to the Information Regulator or as otherwise required by applicable law). The Customer shall pay IRONTREE INTERNET SERVICES’s reasonable costs for assisting with the provision of information and allowing for and contributing to inspections and audits.
Audits and compliance