Customer Audit. Customer or its independent third party auditor reasonably acceptable to Qualtrics (which shall not include any third party auditors who are either a competitor of Qualtrics or not suitably qualified or independent) may audit Qualtrics’ control environment and security practices relevant to Personal Data processed by Qualtrics only if: a. Qualtrics has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or Qualtrics; b. a Personal Data Breach has occurred; c. an audit is formally requested by Customer’s data protection authority; or d. provided under mandatory Data Protection Law conferring Customer a direct audit right and provided that Customer shall only audit once in any 12 month period unless mandatory Data Protection Law requires more frequent audits.
Appears in 2 contracts
Samples: Professional Services, Order Form
Customer Audit. Customer or its independent third party auditor reasonably acceptable to Qualtrics (which shall not include any third party auditors who are either a competitor of Qualtrics or not suitably qualified or independent) may audit Qualtrics’ control environment and security practices relevant to Personal Data processed by Qualtrics only if:
a. Qualtrics has not provided sufficient evidence of its compliance with the Technical and Organizational Measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or Qualtrics;
b. a Personal Data Breach has occurred;
c. an audit is formally requested by Customer’s data protection authority; or
d. provided under mandatory Data Protection Law conferring Customer a direct audit right and provided that Customer shall only audit once in any 12 month period unless mandatory Data Protection Law requires more frequent audits.
Appears in 1 contract
Customer Audit. Customer or its independent third party auditor reasonably acceptable to RELISH (which shall not include any third party auditors who are either a competitor of RELISH or not suitably qualified or independent) may audit RELISH’s control environment and security practices relevant to Personal Data processed by RELISH only if:
RELISH has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 and/or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or RELISH;
A Personal Data Breach has occurred;
An audit is formally requested by Customer’s data protection authority; or
Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve-month period unless mandatory Data Protection Law requires more frequent audits.
Appears in 1 contract
Samples: Personal Data Processing Agreement