Information and Audit. Promptly upon request, the Contractor shall provide to the Authority such information and records in connection with the Contractor’s obligations under this Schedule 11 as the Authority may request. The Contractor agrees (and procures that its sub-contractors agree) that the Authority, its agents and its representatives may conduct such audits as are considered necessary by the Authority acting reasonably, including for the following purposes: to ascertain the impact of any Cyber Security Incident; to review and verify the integrity, confidentiality and security of any data relating to the Framework Agreement; or to review the Contractor's and/or any sub-contractor’s compliance with its obligations under this Schedule 11. The Contractor shall (and shall ensure that any sub-contractor shall) provide the Authority, its agents and representatives with all reasonable co-operation and assistance in relation to audits, including: all data and/or records requested by the Authority; access to any relevant premises and to any equipment owned/controlled by the Contractor, any associated or group company and any sub-contractor and, where such premises and/or equipment are outwith the control of the Contractor, shall secure sufficient rights of access for the Authority, its agents and representatives as are necessary to allow audits to take place; and access to any relevant individuals. The Authority shall use its reasonable endeavours to: provide at least [10 days’] notice of its intention to conduct an audit (but is not obliged to do so); and ensure that the conduct of each audit does not unreasonably disrupt the Contractor and/or sub-contractor or delay the performance of the Framework Agreement. 
The parties shall bear their own respective costs and expenses incurred in respect of compliance with their obligations under this paragraph 4 [unless an audit identifies a breach of the terms of this Schedule 11 by the Contractor and/or sub-contractor, in which case the Contractor shall reimburse the Authority on demand for all the Authority's reasonable costs and expenses incurred in conducting the audit.] Guidance notes: The Contractor may not be able to facilitate an audit of its sub-contractors in all cases (for example, this may not be possible if the Contractor is using some major public cloud providers). In such circumstances, the Authority should consider carefully its requirements with regard to assurance. A breach of this Schedule 11 by the Contractor is a material breach for the purposes of clause 42 (Termination Rights). If the Contractor fails to comply with the provisions of this Schedule 11, the Authority may take any action it considers appropriate or necessary (and the Contractor shall comply with the Authority’s requests in this respect), including: suspending the whole or any part of the Contractor's obligations under the Framework Agreement; requiring that specific sub-contractors connected with such breach be removed from their involvement with the Services and this Agreement and cease to have any access to the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Framework Agreement; requesting the Contractor return and/or arrange the evidenced secure and permanent destruction of the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Framework Agreement; and implementing additional or alternative measures, both technical and organisational, to protect and secure the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Framework Agreement.
Appears in 2 contracts
Samples: Framework Agreement, Framework Agreement
Information and Audit. Promptly upon request, the Service Provider shall provide to the Purchaser such information and records in connection with the Service Provider’s obligations under this Schedule 11 as the Purchaser may request. The Service Provider agrees (and procures that its sub-contractors agree) that the Purchaser, its agents and its representatives may conduct such audits as are considered necessary by the Purchaser acting reasonably, including for the following purposes: to ascertain the impact of any Cyber Security Incident; to review and verify the integrity, confidentiality and security of any data relating to the Contract; or to review the Service Provider's and/or any sub-contractor’s compliance with its obligations under this Schedule 11. The Service Provider shall (and shall ensure that any sub-contractor shall) provide the Purchaser, its agents and representatives with all reasonable co-operation and assistance in relation to audits, including: all data and/or records requested by the Purchaser; access to any relevant premises and to any equipment owned/controlled by the Service Provider, any associated or group company and any sub-contractor and, where such premises and/or equipment are outwith the control of the Service Provider, shall secure sufficient rights of access for the Purchaser, its agents and representatives as are necessary to allow audits to take place; and access to any relevant individuals. The Purchaser shall use its reasonable endeavours to: provide at least [10 days’] notice of its intention to conduct an audit (but is not obliged to do so); and ensure that the conduct of each audit does not unreasonably disrupt the Service Provider and/or sub-contractor or delay the performance of the Contract.
The parties shall bear their own respective costs and expenses incurred in respect of compliance with their obligations under this paragraph 4 [unless an audit identifies a breach of the terms of this Schedule 11 by the Service Provider and/or sub-contractor, in which case the Service Provider shall reimburse the Purchaser on demand for all the Purchaser's reasonable costs and expenses incurred in conducting the audit]. Guidance notes: The Service Provider may not be able to facilitate an audit of its sub-contractors in all cases (for example, this may not be possible if the Service Provider is using some major public cloud providers). In such circumstances, the Purchaser should consider carefully its requirements with regard to assurance. A breach of this Schedule 11 by the Service Provider is a material breach for the purposes of clause 57.1.3 (Termination Rights). If the Service Provider fails to comply with the provisions of this Schedule 11, the Purchaser may take any action it considers appropriate or necessary (and the Service Provider shall comply with the Purchaser’s requests in this respect), including: suspending the whole or any part of the Service Provider's obligations under the Contract; requiring that specific sub-contractors connected with such breach be removed from their involvement with the Services and the Contract and cease to have any access to the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Contract; requesting the Service Provider return and/or arrange the evidenced secure and permanent destruction of the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Contract; and implementing additional or alternative measures, both technical and organisational, to protect and secure the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Contract.
Appears in 1 contract
Samples: Services Contract
Information and Audit.
4.1 Promptly upon request, the Service Provider shall provide to the Purchaser such information and records in connection with the Service Provider’s obligations under this Schedule 11 as the Purchaser may request.
4.2 The Service Provider agrees (and procures that its sub-contractors agree) that the Purchaser, its agents and its representatives may conduct such audits as are considered necessary by the Purchaser acting reasonably, including for the following purposes:
(a) to ascertain the impact of any Cyber Security Incident;
(b) to review and verify the integrity, confidentiality and security of any data relating to the Contract; or
(c) to review the Service Provider's and/or any sub-contractor’s compliance with its obligations under this Schedule 11.
4.3 The Service Provider shall (and shall ensure that any sub-contractor shall) provide the Purchaser, its agents and representatives with all reasonable co-operation and assistance in relation to audits, including:
(a) all data and/or records requested by the Purchaser;
(b) access to any relevant premises and to any equipment owned/controlled by the Service Provider, any associated or group company and any sub-contractor and, where such premises and/or equipment are outwith the control of the Service Provider, shall secure sufficient rights of access for the Purchaser, its agents and representatives as are necessary to allow audits to take place; and
(c) access to any relevant individuals.
4.4 The Purchaser shall use its reasonable endeavours to:
(a) provide at least [10 days’] notice of its intention to conduct an audit (but is not obliged to do so); and
(b) ensure that the conduct of each audit does not unreasonably disrupt the Service Provider and/or sub-contractor or delay the performance of the Contract.
4.5 The parties shall bear their own respective costs and expenses incurred in respect of compliance with their obligations under this paragraph 4 [unless an audit identifies a breach of the terms of this Schedule 11 by the Service Provider and/or sub-contractor, in which case the Service Provider shall reimburse the Purchaser on demand for all the Purchaser's reasonable costs and expenses incurred in conducting the audit]. Guidance notes: The Contractor may not be able to facilitate an audit of its sub-contractors in all cases (for example, this may not be possible if the Contractor is using some major public cloud providers). In such circumstances, the Authority should consider carefully its requirements with regard to assurance. A breach of this Schedule 11 by the Contractor is a material breach for the purposes of clause 42 (Termination Rights). If the Contractor fails to comply with the provisions of this Schedule 11, the Authority may take any action it considers appropriate or necessary (and the Contractor shall comply with the Authority’s requests in this respect), including: suspending the whole or any part of the Contractor's obligations under the Framework Agreement; requiring that specific sub-contractors connected with such breach be removed from their involvement with the Services and this Agreement and cease to have any access to the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Framework Agreement; requesting the Contractor return and/or arrange the evidenced secure and permanent destruction of the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Framework Agreement; and implementing additional or alternative measures, both technical and organisational, to protect and secure the Purchaser’s Protected Information and any Personal Data Processed in connection with the Services under the Framework Agreement.
Appears in 1 contract
Samples: Services Contract