Demonstrating Compliance. Dell agrees to supply, upon Customer request for an audit, the Standardized Information Gathering (“SIG”) questionnaire (“Security Questionnaire”) related to the security practices and posture of Dell’s organization. The Security Questionnaire is reviewed annually, mapped to Dell policies and standards, and updated with relevant and current US and international regulatory and privacy standards, such as, NIST 800-53r4, NIST CSF 1.1, CIS Top 20, or ISO 27001, where applicable. To the extent Customer’s audit requirements under the Standard Contractual Clauses or applicable Privacy Laws cannot reasonably be satisfied through the Security Questionnaire, documentation or compliance information Dell makes generally available to its customers, Dell will promptly respond to Customer’s additional audit instructions. Before the commencement of an audit, Customer and Dell will mutually agree upon the scope, timing, duration, control and evidence requirements, and fees for the audit, provided that this requirement to agree will not permit Dell to unreasonably delay performance of the audit. To the extent needed to perform the audit, Dell will make the processing systems, facilities and supporting documentation relevant to the processing of Personal Data by Dell available. Such an audit will be conducted by an independent, accredited third-party audit firm, during regular business hours, with reasonable advance notice to Dell, and subject to reasonable confidentiality procedures. Neither Customer nor the auditor shall have access to any data from Dell’s other customers or to Dell systems or facilities not involved in the Service Offering. Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Dell expends for any such audit, in addition to the rates for services performed by Dell. 
If the audit report generated as a result of Customer’s audit includes any finding of material non-compliance, Customer shall share such audit report with Dell and Dell shall promptly cure any material non-compliance.
Appears in 2 contracts
Demonstrating Compliance. Dell agrees to supply, upon Customer request for an audit, the Standardized Information Gathering (“SIG”) questionnaire (“Security Questionnaire”) related to the security practices and posture of Dell’s organization. The Security Questionnaire is reviewed annually, mapped to Dell policies and standards, and updated with relevant and current US and international regulatory and privacy standards, such as, NIST 800-53r4, NIST CSF 1.1, CIS Top 20, or ISO 27001, where applicable. To the extent Customer’s audit requirements under the Standard Contractual Clauses or applicable Privacy Laws cannot reasonably be satisfied through the Security Questionnaire, documentation or compliance information Dell makes generally available to its customers, Dell will promptly respond to Customer’s additional audit instructions. Before the commencement of an audit, Customer and Dell will mutually agree upon the scope, timing, duration, control and evidence requirements, and fees for the audit, provided that this requirement to agree will not permit Dell to unreasonably delay performance of the audit. To the extent needed to perform the audit, Dell will make the processing systems, facilities and supporting documentation relevant to the processing of Personal Data by Dell available. Such an audit will be conducted by an independent, accredited third-party audit firm, during regular business hours, with reasonable advance notice to Dell, and subject to reasonable confidentiality procedures. Neither Customer nor the auditor shall have access to any data from Dell’s other customers or to Dell systems or facilities not involved in the Service OfferingServices. Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time Dell expends for any such audit, in addition to the rates for services performed by Dell. 
If the audit report generated as a result of Customer’s audit includes any finding of material non-compliance, Customer shall share such audit report with Dell and Dell shall promptly cure any material non-compliance.
Appears in 2 contracts
Samples: Master Agreement, Cooperative Contract