Certifications and Audits Clause Samples

Certifications and Audits. Company shall promptly complete and return to BNYM any certifications which BNYM in its sole reasonable discretion may from time to time send to Company, certifying that Company is using the Licensed System in material compliance with the terms and conditions set forth in this Agreement. BNYM may, at its expense and after giving at least 30 days' written notice to Company, virtually audit Company's utilization of the Licensed System and the scope of use and information during normal business hours pertaining to Company's compliance with the provisions of this Agreement. The foregoing right may be exercised directly by BNYM or by delegation to an independent auditor acting on its behalf.

Certifications and Audits. 6.1. Customer Audit Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: a) SAP has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or

Certifications and Audits. Company shall promptly complete and return to BNY any certifications which BNY in its sole reasonable discretion may from time to time send to Company, certifying that Company is using the Licensed System in material compliance with the terms and conditions set forth in this Agreement. BNY may, at its expense and after giving reasonable advance written notice to Company, not more than once annually and subject to Company's reasonable security requirements, enter Company locations during normal business hours and audit Company's utilization of the Licensed System and the scope of use and information pertaining to Company's compliance with the provisions of this Agreement. The foregoing right may be exercised directly by BNY or by delegation to an independent auditor acting on its behalf.

Certifications and Audits. 6.1. SAP Resources SAP provides Audit Reports and Certifications free of charge, online or upon request. Additional verifications that require SAP resources are limited and subject to the following Sections.

Certifications and Audits. 9.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third- party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust and Customer prior to initiation. Customer shall promptly notify Entrust with information regarding non-compliance discovered during the course of an audit, and Entrust shall use commercially reasonable efforts to address any confirmed non-compliance.

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: Name (written out in full): Position: Address: Signature: Name (written out in full): ▇▇▇▇ ▇. ▇▇▇▇▇▇▇ Position: General Counsel Address: ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇, ▇▇▇▇▇▇▇▇, ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇-▇▇▇▇ ▇▇▇ Signature: Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.

Certifications and Audits. (a) Anaplan shall make available to the Client such information as is reasonably necessary to demonstrate Anaplan’s compliance with the obligations of this DPA and the obligations under applicable Data Protection Laws; (b) For the Anaplan Service, during the term of the Agreement, Anaplan will engage independent third-party auditors to perform regular audits (at least annually) and provide an Audit Report (SOC 1 Type 2 and/or SOC 2 Type 2 report) and/or ISO certificate/attestation; (c) Upon Client’s written request but no more than twice annually, and subject to the confidentiality obligations set forth in the Agreement, Anaplan shall provide a copy of Anaplan’s then most recent Audit Report or ISO certificate/attestation, or any summaries thereof, that Anaplan generally makes available to its Clients at the time of such request. (d) To the extent that Anaplan’s provision of an Audit Report does not provide sufficient information or Client is required to respond to regulatory authority audits, Client agrees to a mutually agreed-upon audit plan with Anaplan that (i) defines the mutually agreed-upon scope, timing and duration of the audit; (ii) ensures the use of an independent third party; (iii) provides notice to Anaplan in a timely fashion; (iv) requests access only during business hours; (v) accepts billing to Client at Anaplan’s then current rate; (vi) occurs no more than once annually; (vii) restricts its findings to only data relevant to Client; and (viii) obligates Client, to the extent permitted by law or regulations, to keep confidential any information gathered that, by its nature should be confidential.

Certifications and Audits. 8.1 Emburse shall provide to Customer information on Emburse’s technical and organizational measures as set forth in this DPA, including third party certifications and security Documentation, upon the written request of Customer. 8.2 Customer may reasonably audit Emburse’s Processing if: (i) Emburse fails to provide the information required under Section 8.1; or (ii) an audit is requested by a Responsible Authority. Customer may not request such audit more than once in any twelve (12) month period, however, a Responsible Authority may require more frequent audits of Emburse’s Processing. If a Controller requests an audit, such audit shall be conducted by and through Customer. If several Controllers request an audit, Customer shall make reasonable efforts to combine the audits. 8.3 Customer or a Controller undertaking an audit under Section 8.2 shall give Emburse at least sixty (60) days prior written notice of such audit. The date, time, place and scope of any audits shall be mutually agreed by the parties. Audits shall be limited to three (3) days and Customer or Controller shall make, and ensure that their independent auditors shall make, reasonable efforts to avoid and mitigate risk of any damage, injury or disruption to Emburse premises, equipment, personnel, operations, services and business in the course of such audit. 8.4 Customer shall bear all costs and expenses of all audits under Section 8.2. Emburse shall bear its own costs and expenses in making commercially reasonable efforts to cooperate with an audit; provided, that Customer or Controller shall reimburse Emburse for Emburse’s costs and expenses incurred regarding an audit which is (i) conducted in breach of this Section 8 or (ii) causes Emburse to incur costs and expenses extraordinary to industry standards and best practices.

Certifications and Audits. 6.1. Customer Audit Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s service and support delivery centers and IT security practices relevant to Personal Data processed by SAP only if: a) SAP has not provided sufficient evidence of its compliance with the Technical and Organizational Measures through providing a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate). Certifications are available on the My Trust Center or upon request if the certification is not available online; or b) a Personal Data Breach has occurred; or c) an audit is formally requested by Customer’s data protection authority; or d) mandatory Data Protection Law conferring Customer a direct audit right and provided that Customer shall only audit once in any 12 month period unless mandatory Data Protection Law requires more frequent audits.