Audits including inspections. 4.1. StepStone shall provide the customer with all necessary information to verify the obligations set out in the contract. StepStone shall permit the customer to conduct audits, including inspections in accordance with Art. 28(3)(h) GDPR, before the commencement and during the term of this agreement after reasonable prior notice and during normal business hours (9:00 a.m.-6:00 p.m.). The customer is entitled to satisfy itself directly, or through suitable third parties bound to professional secrecy, of the observance of the technical and organisational measures before commencement and during contract data processing, after timely notification at the business premises during normal business hours without disturbing the course of business. The result of these audits shall be documented and signed by both parties. 4.2. As verification of the technical and organisational measures, StepStone may also submit current certificates, reports or report extracts from independent bodies (e.g. auditors, internal auditors, data protection officers, IT security department, data protection auditors, quality auditors) or a suitable certification by IT security or data protection audit (e.g. in accordance with BSI Basic Protection).
Appears in 4 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement