Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if:
(a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards
(b) A Personal Data Breach has occurred;
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s service and support delivery centers and IT security practices relevant to Personal Data processed by SAP only if:
(a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures through providing a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate). Certifications are available under: xxxxx://xxx.xxx.xxx/corporate/en/company/quality.html#certificates or upon request if the certification is not available online; or
(b) A Personal Data Breach has occurred; or
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if:
(a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 and/or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or SAP;
(b) A Personal Data Breach has occurred;
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if:
(a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through
(b) A Personal Data Breach has occurred;
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: 고객 감사. 고객 또는 SAP 가 타당하게 수용할 수 있는 독립적인 제 3 자 감사인은(SAP 의 경쟁업체이거나 적합한 자격을 갖추지 않았거나 독립적이지 않은 제 3 자 감사인은 제외됨) 다음의 경우에만 SAP 가 처리한 개인 정보와 관련하여 SAP 의 제어 환경과 보안 관행에 대한 감사를 실시할 수 있습니다.
(a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 and/or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or SAP;
(I) ISO 27001 또는 기타 표준에 따른 인증서(범위는 인증서에 정의) 또는 (ii) 유효한 ISAE3402 및/또는 ISAE3000 또는 기타 SOC1-3 인증 보고서 제출을 통해 클라우드 서비스의 운영 시스템을 보호하는 기술적/조직적 조치의 준수 여부에 대한 충분한 증거를 SAP 가 제시하지 않은 경우. 고객의 요청 시, 제 3 자 감사인 또는 SAP 를 통해 감사 보고서 또는 ISO 인증서를 이용할 수 있습니다.
(b) A Personal Data Breach has occurred;
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Customer Audit. During the term of the Contract and for a period of five (5) years following its termination or expiration, at the request of the Service Provider, the customer undertakes to provide all documents within seven (7) days of the request, appropriate information and records relating to the access and use of the Application Service in order to enable the Service Provider or any third party mandated for this purpose by the Partner to verify that the customer and the Authorized Users comply with the obligations of the Contract and respect the intellectual property rights of the Service Provider. Without prejudice to the rights and actions of the Service Provider, if the audit shows that the number of users exceeds the number of licenses for Authorized Users subscribed under the Contract, the Customer undertakes to remedy the breach immediately by subscribing additional licenses for Authorized User and the associated subscription, at the public price in force, plus interest calculated from the date of the overrun. In addition, the customer undertakes to reimburse reasonable audit costs incurred by the Service Provider.
Customer Audit. Where PeoplesHR Hosting applies, if the Customer requires to carry out any testing on the PeoplesHR Hosting, such tests may be carried out only after obtaining the prior written approval from the Company. The Company will take commercially reasonable efforts to facilitate such request, however, scheduling such tests are subject to availability of the Customer and its relevant personnel.
Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if:
(a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 and/or ISAE3000 or other
(b) A Personal Data Breach has occurred;
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: 客户审计。客户或 SAP 合理认可的独立第三方审计机构(不包括属于 SAP 竞争对手或没有适当资格或非独立的任何第三方审计机构)可就 SAP 处理个人数据的 SAP 控制环境和安全实践进行审计,但前提是:
(a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 and/or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or SAP;
(b) A Personal Data Breach has occurred;
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Customer Audit. Customer or its independent third party auditor reasonably acceptable to Qualtrics (which shall not include any third party auditors who are either a competitor of Qualtrics or not suitably qualified or independent) may audit Qualtrics’ control environment and security practices relevant to Personal Data processed by Qualtrics only if:
a. Qualtrics has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or Qualtrics;
b. a Personal Data Breach has occurred;
c. an audit is formally requested by Customer’s data protection authority; or
d. provided under mandatory Data Protection Law conferring Customer a direct audit right and provided that Customer shall only audit once in any 12 month period unless mandatory Data Protection Law requires more frequent audits.
