CUSTOMER SECURITY AUDIT. 8.1 At Customer's written request to Reveal, Customer can conduct a security audit of Reveal's facilities, systems, policies, controls and practices, at Customer's expense, by Customer or representatives of Customer, including without limitation an independent third-party auditor. 8.2 Customer Audit shall (i) occur at a mutually agreeable time not more than once a calendar year, starting at the Effective Date, and once following each Data Breach; (ii) not unreasonably interfere with Reveal's operations. Any third party performing such Customer Audit on behalf of Customer shall execute a standard nondisclosure agreement with Reveal with respect to the confidential processing and restricted use of information gathered in conducting the audit; and access to Reveal's facilities shall be subject to Reveal's reasonable access requirements and security policies. Notwithstanding the foregoing, Reveal's access requirements, security policies and the nondisclosure agreement, if applicable, shall in no way materially impede Customer, or a third party auditor selected by Customer, from conducting a Customer Audit. 8.3 The audit report shall be provided to Reveal by the auditors before it is finalised, so that Reveal can make any comments it may have, and the final report should take account of and respond to these comments. The audit report will then be sent to Reveal and discussed in a meeting between the Parties. 8.4 In the event that the final audit report reveals breaches of the commitments made in the performance of this DPA, Reveal shall propose a corrective action plan within a maximum of twenty
Appears in 6 contracts
Samples: General Terms and Conditions, General Terms and Conditions, General Terms and Conditions
