Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: 客户审计。客户或 SAP 合理认可的独立第三方审计机构(不包括属于 SAP 竞争对手或没有适当资格或非独立的任何第三方审计机构)可就 SAP 处理个人数据的 SAP 控制环境和安全实践进行审计,但前提是: (a) SAP has not provided sufficient evidence of its compliance with the technical and organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 and/or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or SAP; (b) A Personal Data Breach has occurred; (c) An audit is formally requested by Customer’s data protection authority; or (d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Appears in 4 contracts
Samples: Personal Data Processing Agreement, Personal Data Processing Agreement, Personal Data Processing Agreement
