Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s service and support delivery centers and IT security practices relevant to Personal Data processed by SAP only if: (a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures through providing a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate). Certifications are available under: xxxxx://xxx.xxx.xxx/corporate/en/company/quality.html#certificates or upon request if the certification is not available online; or (b) A Personal Data Breach has occurred; or (c) An audit is formally requested by Customer’s data protection authority; or (d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Appears in 31 contracts
Samples: Personal Data Processing Agreement, Personal Data Processing Agreement, Personal Data Processing Agreement
