EXTERNAL AUDITS AND ASSESSMENTS Sample Clauses

EXTERNAL AUDITS AND ASSESSMENTS. Iron Mountain’s security protocols are designed to be consistent with industry standards. Iron Mountain will provide Customer with any third-party independent audit reports it has commissioned (e.g., PCI, ISO27001, SOC2, etc.) relevant to the Services in the region such Services are provided (“Audit Report”). Iron Mountain will provide all such reports commissioned with the intent of being customer-facing, regardless of the results of the report. Iron Mountain will not be required to provide internal audit results or results from other independent assessments which were commissioned with the intention of being confidential to Iron Mountain. Customer and its external auditors will be provided copies of the Audit Report upon request. Any Audit Report or other result generated through the tests or audits required by this section will be considered the Confidential Information of Iron Mountain. Customer shall have the right to provide a copy of such Audit Report to any applicable customers or regulators of Customer, subject to confidentiality provisions as restrictive as those herein. At Customer’s request, Iron Mountain shall confirm in writing that there have been no changes in the relevant policies, procedures and internal controls since the completion of any such Audit Report, not to extend more than three months from end of reporting period of the Audit Report.