Data Security and Confidentiality Audits Sample Clauses
The Data Security and Confidentiality Audits clause grants one party the right to review and assess the other party’s compliance with agreed-upon data protection and confidentiality standards. Typically, this involves scheduled or ad hoc audits of systems, processes, and records to ensure that sensitive information is handled appropriately and that security measures are in place. By enabling such oversight, the clause helps verify ongoing compliance, mitigate risks of data breaches, and maintain trust between the parties.
Data Security and Confidentiality Audits. (i) If Provider does not provide a SOC 2 audit pursuant to Section 17.4(b) above, Provider shall perform an audit for the purpose of determining compliance by Provider with its data security obligations under this Agreement and shall be conducted at least annually.
(ii) BFA shall be entitled to such summary report of the audit that will describe whether Provider has met its data security obligations hereunder and whether or not a Data Security Breach has occurred, but that shall otherwise exclude information that Provider reasonably deems appropriate to exclude.
(iii) If any such audit reveals that Provider has failed to meet its data security obligations hereunder or that a Data Security Breach has occurred, upon BFA’s request (and at Provider’s sole cost and expense), Provider shall: (A) provide the affected BFA Recipients with sufficient information to determine the length, scope and impact of such failure; and (B) perform a follow-up audit to determine whether Provider has: (I) cured its failure to meet its data security obligations hereunder; or (II) remediated the Data Security Breach such that an improper disclosure or alteration of BFA Data is no longer reasonably likely to occur as a result of the incident giving rise to the follow-up audit.
(iv) Additional follow-up audits may be required to the extent any such audit reveals that the data security matters have not been remediated in all material respects.
(v) The results of any such audits and reports provided in connection therewith shall be Confidential Information of Provider.
Data Security and Confidentiality Audits. (i) Any audit performed under this Section will be for the purpose of determining compliance by State Street with its data security obligations under this Agreement.
(ii) Payment, frequency and other conditions relating to any audit performed under this Section will be agreed to by the Parties from time to time.
(iii) Notwithstanding the limitations in Section 12.2(a), State Street will provide access to such auditor that is necessary to enable such auditor to assess the following: (A) State Street’s compliance with its data security obligations hereunder; and (B) whether any incident has occurred that has compromised the security of State Street Technology in a manner such that BTC Data has been improperly disclosed or altered or that has created a reasonable likelihood that such a disclosure or alteration could occur as a result thereof (a “Data Security Breach”).
(iv) Such access may include browse-only access to State Street Technology consistent with the access provided to BTC Recipients in connection with the Services, but excluding: (A) access to State Street Technology that would permit the auditor to view information of other clients of State Street; and (B) the ability to perform any penetration or similar testing.
(v) BTC shall be entitled to a report of the audit that will describe whether State Street has met its data security obligations hereunder and whether or not a Data Security Breach has occurred, but that shall otherwise exclude information that State Street reasonably deems appropriate to exclude.
(vi) If any such audit reveals that State Street has failed to meet its data security obligations hereunder or that a Data Security Breach has occurred, upon BTC’s request (and at its sole cost and expense), State Street shall: (A) provide the affected BTC Recipients with sufficient information to determine the length, scope and impact of such failure; and (B) employ an independent third-party auditor jointly selected by State Street and BTC to perform a follow up audit to determine whether State Street has: (I) cured its failure to meet its data security obligations hereunder; or (II) remediated the Data Security Breach such that an improper disclosure or alteration of BTC Data is no longer reasonably likely to occur as a result of the incident giving rise to the follow up audit.
(vii) Additional follow-up audits may be required to the extent any such audit reveals that the da...
Data Security and Confidentiality Audits. (i) Any audit performed under this Section will be for the purpose of determining compliance by State Street with its data security obligations under this Agreement.
(ii) Payment, frequency and other conditions relating to any audit performed under this Section will be agreed to by the Parties from time to time.
(iii) Notwithstanding the limitations in Section 12.2(a), State Street will provide access to such auditor that is necessary to enable such auditor to assess the following: (A) State Street’s compliance with its data security obligations hereunder; and (B) whether any incident has occurred that has compromised the security of State Street Technology in a manner such that BTC Data has been improperly disclosed or altered or that has created a reasonable likelihood that such a disclosure or alteration could occur as a result thereof (a “Data Security Breach”).
Data Security and Confidentiality Audits. (i) ▇.▇. ▇▇▇▇▇▇ will either employ an independent third-party auditor or conduct its own internal audit, at its own cost and expense and on at least an annual basis, for the purpose of determining compliance by ▇.▇. ▇▇▇▇▇▇ with its data security policies and procedures and determine whether any Data Security Breach has occurred, including, at a minimum, a network penetration test and relevant portal penetration tests to review compliance of ▇.▇. ▇▇▇▇▇▇’▇ systems holding the Customer Data with controls that contain certain principles to be implemented by ▇.▇. ▇▇▇▇▇▇ parties (the “Security Principles”).
(ii) Notwithstanding the limitations in Section 6.11(a), ▇.▇. ▇▇▇▇▇▇ will provide access to such auditor that is necessary to enable such auditor to assess ▇.▇. ▇▇▇▇▇▇’▇ compliance with the data security controls that include the Security Principles and complete the audit.
