Common use of Customer Audit Rights Clause in Contracts

Customer Audit Rights. 6.1. Upon written request and at no additional cost to Customer, Snowflake shall provide Customer, and/or its appropriately qualified third-party representative (collectively, the “Auditor“), access to reasonably requested documentation evidencing Snowflake’s compliance with its obligations under this DPA in the form of the relevant audits or certifications listed in the Security Addendum, such as (i) Snowflake’s ISO 27001, HITRUST CSF, and PCI-DSS third-party certifications, (ii) Snowflake’s SOC 2 Type II audit reports, SOC 1 Type II audit reports, HIPAA Compliance Report for Business Associates, and (iii) Snowflake’s most recently completed industry standard security questionnaire, such as a SIG or CAIQ (collectively, “Reports”). 6.2. Customer may also send a written request for an audit of Snowflake’s applicable controls, including inspection of its facilities. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any such audit. Snowflake may charge a fee (rates shall be reasonable, taking into account the resources expended by Snowflake) for any such audit. The Reports, audit, and any information arising therefrom shall be considered Snowflake’s Confidential Information and may only be shared with a third party (including a Third-Party Controller) with Snowflake’s prior written agreement. 6.3. Where the Auditor is a third-party, the Auditor may be required to execute a separate confidentiality agreement with Snowflake prior to any review of Reports or an audit of Snowflake, and Snowflake may object in writing to such Auditor, if in

Customer Audit Rights. 6.1. 6.1 Upon written request and at no additional cost to Customer, Snowflake shall provide Customer, and/or or its appropriately qualified third-party representative (collectively, the “"Auditor“"), access to reasonably requested documentation evidencing Snowflake’s 's compliance with its obligations under this DPA in the form of the relevant audits or certifications listed in the Security Addendum, such as (i) Snowflake’s ISO 27001, HITRUST CSF, 27001 and PCI-DSS third-party certifications, (ii) Snowflake’s 's SOC 2 1 Type II audit reports, SOC 1 2 Type II audit reports, HIPAA Compliance Report for Business Associates, and (iii) Snowflake’s 's most recently completed industry standard security questionnaire, such as a SIG or CAIQ (collectively, “Reports”). 6.2. 6.2 Customer may also send a written request for an audit (including inspection) of Snowflake’s applicable controls, including inspection of its facilities. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any such audit. Snowflake may charge a fee (rates shall be reasonable, taking into account the resources expended by Snowflake) for any such audit. The Reports, audit, and any information arising therefrom shall be considered Snowflake’s 's Confidential Information and may only be shared with a third party (including a Third-Party Controller) with Snowflake’s prior written agreementInformation. 6.3. 6.3 Where the Auditor is a third-party, the Auditor may be required to execute a separate confidentiality agreement with Snowflake prior to any review of Reports or an audit of Snowflake, and Snowflake may object in writing to such Auditor, if inin Snowflake's reasonable opinion, the Auditor is not suitably qualified or is a direct competitor of Snowflake. Any such objection by Snowflake will require Customer to either appoint another Auditor or conduct the audit itself. Expenses incurred by Auditor in connection with any review of Reports or an audit, shall be borne exclusively by the Auditor.

Customer Audit Rights. 6.19.2.1. Upon written request and at no additional cost to Customer, Snowflake shall provide Customer, and/or and/ or its appropriately qualified third-party representative (collectively, the “"Auditor“"), access to reasonably requested documentation evidencing Snowflake’s 's compliance with its obligations under this DPA Security Addendum in the form of the relevant audits or certifications listed in the Security Addendumof, such as applicable, (i) Snowflake’s ISO 27001, HITRUST CSF, and PCI-DSS third-party certifications, (ii) Snowflake’s 's SOC 2 Type II audit reportsreport, SOC 1 Type II audit reportsreport, and HIPAA Compliance Report for Business Associates, and (iii) Snowflake’s 's most recently completed industry standard security questionnaire, such as a SIG or CAIQ CAIQ, and (collectivelyiv) data flow diagrams for the Service (collectively with Third-Party Audits, “Audit Reports”). 6.29.2.2. Customer may also send a written request for an audit of Snowflake’s applicable controls, including inspection of its facilities. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of, of and security and confidentiality controls applicable to, to any such audit. Snowflake may charge a fee (rates shall be reasonable, taking into account the resources expended by Snowflake) for any such audit. The Audit Reports, any audit, and any information arising therefrom shall be considered Snowflake’s 's Confidential Information and may only be shared with a third party (including a Third-Party Controller) with Snowflake’s prior written agreementInformation. 6.39.2.3. Where the Auditor is a third-partyparty (or Customer is using a third-party to conduct an approved Pen Test under Section 9.1), the Auditor such third party may be required to execute a separate confidentiality agreement with Snowflake prior to any audit, Pen Test, or review of Reports or an audit of SnowflakeAudit Reports, and Snowflake may object in writing to such third party if in Snowflake's reasonable opinion the third party is not suitably qualified or is a direct competitor of Snowflake. Any such objection by Snowflake will require Customer to appoint another third party or conduct such audit, Pen Test, or review itself. Any expenses incurred by an Auditor in connection with any review of Audit Reports, or an audit or Pen Test, shall be borne exclusively by the Auditor, if in.

Customer Audit Rights. 6.1. 6.1 Upon written request and at no additional cost to Customer, Snowflake shall provide Customer, and/or or its appropriately qualified third-party representative (collectively, the “"Auditor“"), access to reasonably requested documentation evidencing Snowflake’s 's compliance with its obligations under this DPA in the form of the relevant audits or certifications listed in the Security Addendum, such as (i) Snowflake’s ISO 27001, HITRUST CSF, and PCI-PCI- DSS third-party certifications, (ii) Snowflake’s 's SOC 2 1 Type II audit reports, SOC 1 2 Type II audit reports, HIPAA Compliance Report for Business Associates, and (iii) Snowflake’s 's most recently completed industry standard security questionnaire, such as a SIG or CAIQ (collectively, “Reports”). 6.2. 6.2 Customer may also send a written request for an audit (including inspection) of Snowflake’s applicable controls, including inspection of its facilities. Following receipt by Snowflake of such request, Snowflake and Customer shall mutually agree in advance on the details of the audit, including the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any such audit. Snowflake may charge a fee (rates shall be reasonable, taking into account the resources expended by Snowflake) for any such audit. The Reports, audit, and any information arising therefrom shall be considered Snowflake’s 's Confidential Information and may only be shared with a third party (including a Third-Party Controller) with Snowflake’s prior written agreementInformation. 6.3. 6.3 Where the Auditor is a third-party, the Auditor may be required to execute a separate confidentiality agreement with Snowflake prior to any review of Reports or an audit of Snowflake, and Snowflake may object in writing to such Auditor, if inin Snowflake's reasonable opinion, the Auditor is not suitably qualified or is a direct competitor of Snowflake. Any such objection by Snowflake will require Customer to either appoint another Auditor or conduct the audit itself. Expenses incurred by Auditor in connection with any review of Reports or an audit, shall be borne exclusively by the Auditor. For clarity, the exercise of audit rights under the Standard Contractual Clauses shall be as described in this Section 6 (Customer Audit Rights).