Certifications and Audits. Company shall promptly complete and return to BNYM any certifications which BNYM in its sole discretion may from time to time send to Company, certifying that Company is using the Licensed System in strict compliance with the terms and conditions set forth in this Agreement. BNYM may, at its expense and after giving reasonable advance written notice to Company, enter Company locations during normal business hours and audit Company’s utilization of the Licensed System, the number of copies of the Documentation in Company’s possession, and the scope of use and information pertaining to Company’s compliance with the provisions of this Agreement. The foregoing right may be exercised directly by BNYM or by delegation to an independent auditor acting on its behalf. If BNYM discovers that there is any unauthorized scope of use or that Company is not in compliance with the aforementioned provisions, Company shall reimburse BNYM for the full costs incurred in conducting the audit.
Certifications and Audits. Company shall promptly complete and return to BNYM any certifications which BNYM in its sole reasonable discretion may from time to time send to Company, certifying that Company is using the Licensed System in material compliance with the terms and conditions set forth in this Agreement. BNYM may, at its expense and after giving at least 30 days' written notice to Company, virtually audit Company's utilization of the Licensed System and the scope of use and information during normal business hours pertaining to Company's compliance with the provisions of this Agreement. The foregoing right may be exercised directly by BNYM or by delegation to an independent auditor acting on its behalf.
Certifications and Audits. 6.1. Customer Audit Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if:
a) SAP has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or
Certifications and Audits. 6.1. SAP Resources SAP provides Audit Reports and Certifications free of charge, online or upon request. Additional verifications that require SAP resources are limited and subject to the following Sections.
Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: Name (written out in full): Position: Address: Signature: Name (written out in full): Xxxx X. Xxxxxxx Position: General Counsel Address: 0000 Xxxx Xxxxx, Xxxxxxxx, Xxxxxxxxx 00000-0000 XXX Signature: Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.
Certifications and Audits. 9.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third- party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust and Customer prior to initiation. Customer shall promptly notify Entrust with information regarding non-compliance discovered during the course of an audit, and Entrust shall use commercially reasonable efforts to address any confirmed non-compliance.
Certifications and Audits. (a) Customer may audit Provider’s compliance with its obligations under this Data Processing Agreement up to once per year. In addition, to the extent required by Applicable Data Protection Law, including where mandated by Customer’s Supervisory Authority, Customer or Customer’s Supervisory Authority may perform more frequent audits, including inspections of any Provider-owned and controlled data center facility that Processes Personal Data. Provider will contribute to such audits by providing Customer or Customer’s Supervisory Authority with the information and assistance reasonably necessary to conduct the audit, including any relevant records of Processing activities applicable to the Services ordered by Customer.
(b) If a third party is to conduct the audit, the third party must be mutually agreed to by Customer and Provider (except if such third party is a competent Supervisory Authority). Provider will not unreasonably withhold its consent to a third party auditor requested by Customer. The third party must execute a written confidentiality agreement acceptable to Provider or otherwise be bound by a statutory confidentiality obligation before conducting the audit.
(c) To request an audit, Customer must submit a detailed proposed audit plan to Provider at least two weeks in advance of the proposed audit date. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Provider will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Provider security, privacy, employment or other relevant policies). Provider will work cooperatively with Customer to agree on a final audit plan.
(d) If the requested audit scope is addressed in a SSAE 16/ISAE 3402 Type 2, ISO, NIST, PCI DSS, HIPAA or similar audit report issued by a qualified third party auditor within the prior twelve months and Provider provides such report to Customer confirming there are no known material changes in the controls audited, Customer agrees to accept the findings presented in the third party audit report in lieu of requesting an audit of the same controls covered by the report.
(e) The audit must be conducted during regular business hours at the applicable facility, subject to the agreed final audit plan and Provider’s health and safety or other relevant policies, and may not unreasonably interfere with Provider business activities.
(f) Customer will provide...
Certifications and Audits. (i) Microsoft has established and agrees to maintain a data security policy that complies with the ISO 27001 standards for the establishment, implementation, control, and improvement of the Information Security Management System and the ISO/IEC 27002 code of best practices for information security management (“Microsoft Online Information Security Policy”). On a confidential need-to-know basis, and subject to Customer’s agreement to non-disclosure obligations Microsoft specifies, Microsoft will make the Microsoft Online Information Security Policy available to Customer, along with other information reasonably requested by Customer regarding Microsoft security practices and policies. Customer is solely responsible for reviewing the Microsoft Online Information Security Policy, making an independent determination as to whether the Microsoft Online Information Security Policy meets Customer’s requirements, and for ensuring that Customer’s personnel and consultants follow the guidelines they are provided regarding data security.
(ii) Microsoft will audit the security of the computers and computing environment that it uses in processing Customer Data (including personal data) on the Microsoft Online Services and the physical data centers from which Microsoft provides the Microsoft Online Services. This audit: (a) will be performed at least annually; (b) will be performed according to ISO 27001 standards; (c) will be performed by third party security professionals at Microsoft’s selection and expense; (d) will result in the generation of an audit report (“Microsoft Audit Report”), which will be Microsoft’s confidential information; and (e) may be performed for other purposes in addition to satisfying this Section (e.g., as part of Microsoft’s regular internal security procedures or to satisfy other contractual obligations).
(iii) If Customer requests in writing, Microsoft will provide Customer with a confidential summary of the Microsoft Audit Report (“Summary Report”) so that Customer can reasonably verify Microsoft’s compliance with the security obligations under this Amendment. The Summary Report is Microsoft confidential information.
(iv) Microsoft will make good faith, commercially reasonable efforts to remediate (a) any errors identified in a Microsoft Audit Report that could reasonably be expected to have an adverse impact on Customer use of the Microsoft Online Services and (b) material control deficiencies identified in the Microsoft Audit Report.
Certifications and Audits. 6.1. Customer Audit Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s service and support delivery centers and IT security practices relevant to Personal Data processed by SAP only if:
a) SAP has not provided sufficient evidence of its compliance with the Technical and Organizational Measures through providing a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate). Certifications are available on the My Trust Center or upon request if the certification is not available online; or
b) a Personal Data Breach has occurred; or
c) an audit is formally requested by Customer’s data protection authority; or
d) mandatory Data Protection Law conferring Customer a direct audit right and provided that Customer shall only audit once in any 12 month period unless mandatory Data Protection Law requires more frequent audits.
Certifications and Audits. 6.1. Customer Audit Customer or its independent third-party auditor reasonably acceptable to RELISH (which shall not include any third party auditors who are either a competitor of RELISH or not suitably qualified or independent) may audit RELISH’s control environment and security practices relevant to Personal Data processed by RELISH only if:
a) RELISH has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or
