Customer Audit Rights. 6.1. Upon written request and at no additional cost to Customer, Snowflake shall provide Customer, and/or its appropriately qualified third-party representative (collectively, the “Auditor“), access to reasonably requested documentation evidencing Snowflake’s compliance with its obligations under this DPA in the form of the relevant audits or certifications listed in the Security Addendum, such as (i) Snowflake’s ISO 27001, HITRUST CSF, and PCI-DSS third-party certifications, (ii) Snowflake’s SOC 2 Type II audit reports, SOC 1 Type II audit reports, HIPAA Compliance Report for Business Associates, and (iii) Snowflake’s most recently completed industry standard security questionnaire, such as a SIG or CAIQ (collectively, “Reports”).
6.2. Customer may also send a written request for an audit of Snowflake’s applicable controls, including inspection of its facilities. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any such audit. Snowflake may charge a fee (rates shall be reasonable, taking into account the resources expended by Snowflake) for any such audit. The Reports, audit, and any information arising therefrom shall be considered Snowflake’s Confidential Information and may only be shared with a third party (including a Third-Party Controller) with Snowflake’s prior written agreement.
6.3. Where the Auditor is a third-party, the Auditor may be required to execute a separate confidentiality agreement with Snowflake prior to any review of Reports or an audit of Snowflake, and Snowflake may object in writing to such Auditor, if in
Customer Audit Rights. 8.2.1. Upon written request and at no additional cost to Customer, Snowflake shall provide Customer, or its appropriately qualified third-party representative (collectively, the "Auditor"), access to reasonably requested documentation evidencing Snowflake's compliance with its obligations under this Security Policy in the form of
(i) Snowflake’s ISO 27001 and PCI-DSS third-party certifications, (ii) Snowflake's SOC 1 Type II audit report, SOC 2 Type II audit report, HIPAA Compliance Report for Business Associates, (iii) Snowflake's most recently completed industry standard security questionnaire, such as a SIG or CAIQ, and (iv) data flow diagrams for the Service (collectively with Third-Party Audits, “Audit Reports”). 1 For clarity, where Customer's Agreement refers to the defined term "Security Breach", such reference shall be interpreted to refer to Security Incident, as defined herein.
8.2.2. Customer may also send a written request for an audit (including inspection) of Snowflake’s facilities. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on the details of the audit, including reasonable start date, scope and duration of and security and confidentiality controls applicable to any such audit. Snowflake may charge a fee (rates shall be reasonable, taking into account the resources expended by Snowflake) for any such audit. Audit Reports, any audit, and any information arising therefrom are deemed Snowflake's Confidential Information.
8.2.3. Where the Auditor is a third-party (or Customer is using a third-party to conduct an approved Pen Test under Section 8.1), such third party may be required to execute a separate confidentiality agreement with Snowflake prior to any audit, Pen Test, or review of Audit Reports, and Snowflake may object in writing to such third party if in Snowflake's reasonable opinion the third party is not suitably qualified or is a direct competitor of Snowflake. Any such objection by Snowflake will require Customer to appoint another third party or conduct such audit, Pen Test, or review itself. Expenses incurred by Customer or the third party in connection with such audit, Pen Test, or review, shall be borne exclusively by Customer or the third party.
Customer Audit Rights. Patheon will permit audits on reasonable prior written notice, of all relevant premises, procedures and documentation by Cangene; to the extent such audits are related to Customer’s Product. Customer audits are limited to [**] per calendar year lasting no more than [**] days, and involving no more than [**] auditors unless for cause. Patheon will provide access to the manufacturing facility, on reasonable prior written notice, to Customer personnel during the manufacturing of Customer product(s). The rights of access, audit and inspection provided herein do not include any right to access or inspect Patheon’s financial records. Patheon shall respond to Cangene audit report within [**] days of Cangene audit report receipt. Cangene shall provide Patheon with the audit report within [**] days of the audit date.
Customer Audit Rights. 8.1. Upon Customer’s request, and subject to the confidentiality obligations set forth in your MongoDB Agreement, MongoDB will make available to Customer (or Customer’s independent, third-party auditor) information regarding MongoDB’s compliance with the security obligations set forth in this DPA in the form of third-party certifications and audits.
8.2. If that information is not sufficient to demonstrate our compliance with the security obligations in the DPA, you may contact MongoDB in accordance with the notice provision of your MongoDB Agreement to request an on-site audit of MongoDB’s procedures relevant to the protection of personal data, but only to the extent required under applicable Data Protection Law. Customer will reimburse MongoDB for its reasonable costs associated with any such on-site audit. Before the commencement of any such on-site audit, Customer and MongoDB will mutually agree upon the scope, timing, and duration of the audit.
8.3. Customer will promptly notify MongoDB with information regarding any non-compliance discovered during the course of an audit, and MongoDB will use commercially reasonable efforts to address any confirmed non- compliance.
Customer Audit Rights. Customer may audit Apollo’s compliance with its obligations under this DPA up to once per calendar year, provided that this annual limit does not apply if more frequent audits are required by Applicable Data Protection Laws or if mandated by Customer’s supervisory authority. Apollo will contribute to such audits by providing Customer or Customer’s supervisory authority with the information and assistance that Apollo considers appropriate and reasonably necessary to conduct the audit. If a third party is to conduct the audit, Apollo may object if the auditor is, in Xxxxxx’s reasonable opinion, not independent or otherwise manifestly unsuitable. Such an objection by Apollo will require Customer to appoint another auditor or conduct the audit itself. If Customer (acting reasonably) provides documentary evidence that the information made available by Apollo is not sufficient to demonstrate Apollo’s compliance with this DPA, Apollo shall allow for and contribute to audits by Customer, or a third-party auditor mandated by Customer regarding the processing of Customer Personal Data by Apollo. To request an audit, Customer must submit a proposed audit plan to Apollo at least 30 days in advance of the proposed audit date (except where an audit is mandated by Applicable Data Protection Laws or Customer’s supervisory authority, in which case the proposed audit plan must be submitted as soon as practically possible). Any third-party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties, providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the scope, duration, and start date of the audit. Apollo will review the proposed audit plan and provide Customer with any concerns or questions, such as any request for information that could compromise Apollo’s security, privacy, employment, or other relevant policies. Apollo will work cooperatively with Customer to agree on a final audit plan. Nothing in this Section 10 (CUSTOMER AUDIT RIGHTS) shall require Apollo to breach any duties of confidentiality. If the controls or measures to be assessed in the requested audit are addressed in an SOC 2 Type 2, ISO, NIST, or similar audit report performed by a qualified third-party auditor within 12 months of Customer’s audit request and Apollo has confirmed there have been no known material changes in the control...
Customer Audit Rights. Customer shall have the right to audit the Source Code from time to time to verify Source Code has been deposited in compliance with this Agreement. Acres shall have the right to observe Customer's audit.
Customer Audit Rights. Upon written request and at no additional cost to Customer, insightsoftware shall provide Customer, and/or its appropriately qualified third-party representative (collectively, the “Auditor“), access to reasonably requested documentation evidencing insightsoftware’s compliance with its obligations under this Security Addendum in the form of, as applicable, (i) insightsoftware’s ISO 27001 certification, (ii) insightsoftware’s SOC 2 Type II audit report and/or SOC 1 Type II audit report, (iii) insightsoftware’s most recently completed Shared Assessments Standardized Information Gathering (SIG) Questionnaire, and (iv) the most recent penetration test summary report for the relevant Software (“Audit Reports”). In the event insightsoftware is unable to provide an Audit Report, insightsoftware agrees to complete any Customer-provided information security questionnaire on an annual basis within six (6) weeks of Customer’s written request. Where the Auditor is a third-party, such third party may be required to execute a separate confidentiality agreement with insightsoftware prior to any review of Audit Reports, and insightsoftware may object in writing to such third party if in insightsoftware’s reasonable opinion the third party is not suitably qualified or is a direct competitor of insightsoftware. Any such reasonable objection by insightsoftware will require Customer to appoint another third party. Any expenses incurred by an Auditor in connection with any review of Audit Reports, or a customer-provided questionnaire shall be borne exclusively by the Auditor.
Customer Audit Rights. Upon Customer’s written request but no more than once per calendar year during the Term, Company shall provide to Customer, to the extent available to Company: (a) reports certifying Company’s compliance with ISO 27001/27002, (b) Company’s most recent SOC 2 Type II report, (c) a description of the results of security audits conducted by an independent third party that are applicable to the Services provided to Customer, and (d) Company’s policies relating to background checks, disaster recovery, business continuity, data retention, and Company’s information security program. DISASTER RECOVERY AND BUSINESS CONTINUITY Company will be responsible for satisfying the following minimum requirements for which Company will not charge Customer additional fees. Company agrees to (i) maintain a disaster recovery program, a business continuity plan, and an incident response plan (“Programs”), and (ii) test its Programs on an annual basis. In the event that such testing identifies any material issues with respect to Company’s Programs, Company will use commercially reasonable efforts to correct any such findings.
Customer Audit Rights. Customer shall have the right, upon not less than five (5) Business Days’ written notice to Provider, to audit the Facility in order to verify Provider’s compliance with
Customer Audit Rights. 6.1. Upon written request and at no additional cost to Customer, Vendor shall provide Customer, and/or its appropriately qualified third-party representative (collectively, the “Auditor”), access to reasonably requested documentation evidencing Vendor’s compliance with its obligations under this DPA in the form of Vendor’s most recently completed industry standard CAIQ security questionnaire (the “Report”).
6.2. Customer may also send a written request for an audit of Vendor’s applicable controls, including inspection of its facilities. Following receipt by Vendor of such request, Vendor and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any such audit. Vendor may charge a fee (rates shall be reasonable, taking into account the resources expended by Vendor) for any such audit. The Report, audit, and any information arising therefrom shall be considered Vendor’s Confidential Information and may only be shared with a third party (including a Third-Party Controller) with Vendor’s prior written agreement.
6.3. Where the Auditor is a third party, the Auditor may be required to execute a separate confidentiality agreement with Vendor prior to any review of the Report or an audit of Vendor, and Vendor may object in writing to such Auditor, if in Vendor’s reasonable opinion, the Auditor is not suitably qualified or is a direct competitor of Vendor. Any such objection by Vendor will require Customer to either appoint another Auditor or conduct the audit itself. Any expenses incurred by an Auditor in connection with any review of the Report or an audit shall be borne exclusively by the Auditor. For clarity, the exercise of audit rights under the SCCs shall be as described in this Section 6 (Customer Audit Rights) and Customer agrees these rights are carried out on behalf of Customer and all relevant Third-Party Controllers, subject to the confidentiality and non-use restrictions of the Agreement.
