Information and Audit. 10.1 The Parties shall assist each other in complying with their respective obligations under the Freedom of Information Act 2000 and the Environmental Information Regulations 2004.
10.2 The Parties shall comply with their respective obligations under the Data Protection Act 1998. TfL will act as a Data Processor in respect of any personal information acquired as a result of carrying out these Arrangements, and the Parties will remain the relevant Data Controller.
10.3 The relevant internal and external auditors of the Parties responsible for audit shall have the right to inspect any documents and accounts relating to the Delegation and/or these Arrangements and/or the discharge of the Specified Functions.
Information and Audit. Promptly upon request, the Contractor shall provide to the Authority such information and records in connection with the Contractor’s obligations under this Schedule 11 as the Authority may request. The Contractor agrees (and procures that its sub-contractors agree) that the Authority, its agents and its representatives may conduct such audits as are considered necessary by the Authority acting reasonably, including for the following purposes: to ascertain the impact of any Cyber Security Incident; to review and verify the integrity, confidentiality and security of any data relating to the Framework Agreement; or to review the Contractor's and/or any sub-contractor’s compliance with its obligations under this Schedule 11. The Contractor shall (and shall ensure that any sub-contractor shall) provide the Authority, its agents and representatives with all reasonable co-operation and assistance in relation to audits, including: all data and/or records requested by the Authority; access to any relevant premises and to any equipment owned/controlled by the Contractor, any associated or group company and any sub-contractor and, where such premises and/or equipment are outwith the control of the Contractor, shall secure sufficient rights of access for the Authority, its agents and representatives as are necessary to allow audits to take place; and access to any relevant individuals. The Authority shall use its reasonable endeavours to: provide at least [10 days’] notice of its intention to conduct an audit (but is not obliged to do so); and ensure that the conduct of each audit does not unreasonably disrupt the Contractor and/or sub-contractor or delay the performance of the Framework Agreement. The parties shall bear their own respective costs and expenses incurred in respect of compliance with their obligations under this paragraph 4 [unless an audit identifies a breach of the terms of this Schedule 11 by the Contractor and/or sub-contractor, in which case the Contractor shall reimburse the Authority on demand for all the Authority's reasonable costs and expenses incurred in conducting the audit.] Guidance notes: The Contractor may not be able to facilitate an audit of its sub-contractors in all cases, (for example, this may not be possible if the contractor is using some major public cloud providers). In such circumstances, the Authority should consider carefully its requirements with regard to assurance. A breach of this Schedule 11 by the Contractor is a mate...
Information and Audit. Information Supplier will retain during the term of the Supply Agreement and for a reasonable period afterwards, accurate records of the Charges made and Services provided.
Information and Audit. 14.1 Illumina shall, at Customer’s cost, provide such information as Customer may reasonably request to demonstrate compliance with this DPA.
14.2 Upon Customer’s reasonable and prior written request, and no more frequently than once every twelve (12) months, Illumina shall make available to Customer evidence of the most recent third-party audit or certifications setting out Illumina’s conformity in relation to Personal Data Processing activities pursuant to this DPA.
14.3 Any information provided under this section is Illumina’s confidential information, and shall be subject to the confidentiality terms of the Agreement or such other terms as Illumina may require. Customer may not provide such information to any third-party or use such information for any purpose other than to verify Illumina’s compliance with this DPA without Illumina’s prior written consent.
14.4 If Customer can reasonably demonstrate that the information provided is not sufficient to demonstrate compliance with this DPA, Illumina shall reasonably consider any further requests for information from Customer to demonstrate compliance with this DPA.
14.5 Illumina will notify Customer if, in its opinion, any instruction from Customer infringes Data Protection Laws.
Information and Audit. 4.7.1. Reports. COMPANY acknowledges that PROVIDER is regularly audited against ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018 and ISAE 3000 standards. Upon COMPANY’s written request, PROVIDER will provide COMPANY with a full or summary copy, as applicable, of its then-current reports and certificates (hereinafter: “Report”). PROVIDER shall also provide, not later than ten (10) working days, written responses to all reasonable requests made by COMPANY for information relating to PROVIDER’s processing of Personal Data, including responses to information, privacy and security audit questionnaires submitted by COMPANY and that are necessary to confirm PROVIDER’s compliance with this DPA and Applicable Data Protection Law, provided that COMPANY shall not exercise this right more than once per year or when COMPANY is expressly requested or required to provide this information to a data protection authority.
Information and Audit. 5.7.1. The Processor agrees to provide the Controller all information necessary to demonstrate compliance with the obligations laid down in this DP Agreement and to allow for and contribute to audits, including on-site inspections, conducted by the Controller at the Controller’s own expense. The Controller may perform the audits itself or have them performed by a Third Party it has commissioned at its own expense, which will be confirmed and accepted previously by the Processor. Persons or Third Parties entrusted with such audits by the Controller must be obliged in a documented form to maintain confidentiality and announced to the Processor in an appropriate form.
5.7.2. Such audits shall be announced within a reasonable period of time, at least 30 days prior the audit, shall be performed on the basis of the mutually agreed audit plan, and shall take due care during their performance not to disturb regular business operations.
5.7.3. The Controller is not allowed to perform more than one one-site check per two years. More frequent audits are allowed only if and to extend required by Applicable Data Protection Laws (e.g. in case of Personal Data breach.).
Information and Audit. At any time during the term of the Agreement the Council may request and the Company shall provide any information, data and copy documentation ("information") (including but not limited to information about the workforce used in providing the Services under the Agreement) used in, under or as a result of, the Agreement and provision of the Services. The Company shall at all times maintain and keep true and accurate accounts and records and shall make the same available for inspection at all reasonable times by the Council upon reasonable notice given by the Council.
Information and Audit. 8.1 The Supplier shall maintain, in accordance with Data Protection Laws binding on the Supplier, written records of all categories of processing activities carried out on behalf of the Customer.
8.2 The Supplier shall, on request by the Customer, in accordance with Data Protection Laws, make available to the Customer such information as is reasonably necessary to demonstrate the Supplier’s compliance with its obligations under this Data Protection Addendum and Article 28 of the GDPR (and under any Data Protection Laws equivalent to that Article 28), and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose provided:
8.2.1 such audit, inspection or information request is reasonable, limited to information in the Supplier’s (or any Sub-Processor’s) possession or control and is subject to the Customer giving the Supplier reasonable prior notice of such audit, inspection or information request;
8.2.2 the parties (each acting reasonably and consent not to be unreasonably withheld or delayed) shall agree the timing, scope and duration of the audit, inspection or information release together with any specific policies or other steps with which the Customer or third party auditor shall comply (including to protect the security and confidentiality of other customers, to ensure the Supplier is not placed in breach of any other arrangement with any other customer and so as to comply with the remainder of this paragraph 8.2);
8.2.3 all costs of such audit or inspection or responding to such information request shall be borne by the Customer, and the Supplier’s costs, expenses, work and time incurred in connection with such audit or inspection shall be reimbursed by the Customer on a time and materials basis in accordance with the Supplier’s Standard Pricing Terms;
8.2.4 the Customer’s rights under this paragraph 8.2 may only be exercised once in any consecutive 12month period, unless otherwise required by a Supervisory Authority or if the Customer (acting reasonably) believes the Supplier is in breach of this Data Protection Addendum;
8.2.5 the Customer shall promptly (and in any event within [one] Business Day) report any non-compliance identified by the audit, inspection or release of information to the Supplier;
8.2.6 the Customer shall ensure that all information obtained or generated by the Customer or its auditor(s) in connection with such information requests, inspections and a...
Information and Audit. Each Employer shall maintain and provide the appropriate Trustees or their authorized representative(s) with information and records necessary to carry out the purposes of and in connection with the proper administration of the various Funds and shall permit an audit of the Employer's payroll records by authorized representative(s) of the Administrative Office or the Trustees to ascertain whether all contributions due have been paid.
Information and Audit. 6.1 Upon request, Supplier is obliged to provide information in writing about the processing of Cellulant Data, including but not limited to the TOMs implemented and any Sub processors engaged.
6.2 If applicable, Supplier shall maintain and annually renew the security certifications and Personal Data seals and marks set out in EXHIBIT 3. Upon request, Supplier will provide Cellulant with the annual certifications and audit reports from accredited independent third-party auditors concerning the security measures used to provide the Contracted Services.
6.3 Supplier shall allow for and contribute to audits, including inspections, conducted by Cellulant and, if applicable, Other Controller(s) and the respective Supervisory Authorities, or any other auditor mandated by Cellulant and/or Other Controllers to demonstrate compliance with Supplier’s obligations set out in this DPA and the Data Protection Laws applicable to Supplier in the performance of the Contracted Services. Supplier can provide proof of the adherence to an approved code of conduct or an approved certification mechanism, or otherwise provide information to Cellulant which may be used as an element to demonstrate compliance with Supplier’s obligations. Cellulant or Other Controllers may reasonably assure itself of Supplier’s compliance at Supplier's business premises involved in the Processing of Cellulant Data during Supplier's normal business hours after prior notification. Supplier will provide Cellulant and, if applicable, Other Controllers access to Cellulant Data accordingly and/or access to its business premises involved in the Processing of Cellulant Data. To the extent Cellulant is mandating another auditor, such other auditor shall not be a direct competitor of Supplier with regard to the respective Service and shall be bound to confidentiality.
