Common use of Independent Assessments Clause in Contracts

Independent Assessments. On an annual basis, Box has an independent, suitably qualified third-party organization conduct an independent assessment consisting of a Report on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and/or Privacy (SOC2 Type II) or such other comparable assessment at its sole discretion (e.g. ISO 27001, Certification) and Box will provide a copy of such assessment to Customer upon Customer’s written request to Box. Box also undergoes at least an annual penetration test from independent, suitably qualified third parties, and Box will provide Customer with an executive summary of the most recent penetration test results upon Customer’s written request to Box.

Independent Assessments. On an annual basis, Box has an independent, suitably qualified third-third- party organization conduct an independent assessment consisting of a Report on Controls at a Service Organization Relevant to Security, Availability, Processing, Integrity, Confidentiality and/or Privacy (SOC2 Type II) or such other comparable assessment at its sole discretion (e.g. ISO 27001, 27001 Certification,) and Box will provide a copy of such assessment to Customer upon Customer’s written request to Box. Box also undergoes at least an annual penetration test from independent, suitably qualified third parties, and Box will provide Customer with an executive summary of the most recent penetration test results upon Customer’s written request to Box.