Common use of Records; Audit Clause in Contracts

Records; Audit. 13.12.1 All records used or generated under this Agreement are the property of Prudential. As part of the Services, Vendor agrees to keep and maintain all records used or generated under this Agreement as required for Prudential to comply with applicable laws and regulations, in accordance with generally accepted industry standards and Prudential's record retention requirements and Policies as communicated to Vendor from time to time. Vendor further agrees to comply with any record hold orders issued by Prudential requiring preservation of certain records for legal, regulatory or other purposes. Vendor must maintain a system to reasonably safeguard Prudential's records from loss, alteration or destruction. During the Retention Period, Vendor shall store one electronic copy of all such records on computer storage media separate and apart from the original copies and segregated from the records of any other of Vendor's customers. Vendor must provide for reasonably prompt access and hard-copy reproduction of any record so maintained. 13.12.2 Vendor agrees to keep and maintain all records used or generated under this Agreement during the Retention Period. At no additional charge to Prudential, Vendor and its agents shall, as and when reasonably requested by Prudential or any regulatory agency acting pursuant to applicable laws, rules and regulations, at all reasonable times and from time to time, during the Retention Period, (I) make such records available for inspection by such person or persons as Prudential designates as its authorized representatives, who shall have the right to take copies of or extracts from any records kept pursuant to this Agreement, (ii) permit Prudential's authorized representatives or such regulatory agency to examine and make copies of that portion of any Vendor's external audit opinions (including, but not limited to, the external auditor's management letter, SAS 70 Type II audit reports prepared in accordance with Statement of Auditing Standards No. 70, and other reports) which relates to Vendor's provision of Services under this Agreement, Vendor's privacy, data and information security procedures and controls, and Vendor's compliance with information security provisions, (iii) give Prudential's authorized representatives reasonable access, during regular business hours to Vendor's officers, employees and other representatives, including attorneys, accountants and others, in connection with such audit, and (iv) provide such computer access, office space and furniture and telephone, photocopying and electric service as may be necessary or advisable for Prudential's authorized representatives to conduct such an audit. Prudential acknowledges that it will not be provided access to any confidential information that belongs to vendor's other customers. At the end of the Retention Period, Vendor will deliver two copies of all retained records in an electronic format reasonably acceptable to Prudential. 13.12.3 Vendor shall submit written reports on the progress of the Services performed hereunder and Vendor's compliance with the terms of this Agreement at least weekly, or when and as requested by Prudential. 13.12.4 If Prudential requires a copy of Vendor's end-to-end Type II SAS 70 audit of Vendor's provision of the Services, Vendor's privacy, data and information security procedures and controls, or Vendor's operations in order to comply with Prudential's legal and regulatory obligations, Vendor shall provide a copy to Prudential at no charge and as soon as reasonably practicable following Prudential's request, but no later than the date necessary for Prudential and its officers and auditors to rely on such audit report for the purpose of giving the certifications and opinions required under applicable law, including, without limitation, U.S. Securities laws. If Vendor engages an external auditor to conduct an end-to-end Type II SAS 70 audit of Vendor's operations, its privacy, data and information security procedures and controls, or its provision of the Services, Vendor shall provide a copy to Prudential as soon as reasonably practicable following Vendor's receipt thereof; such audit shall also report on each of vendor's subcontractors and each location where Vendor furnishes the Services. 13.12.5 If an auditor or certified public accountant determines that Vendor has overcharged or underpaid Prudential, Vendor shall promptly pay to prudential the amount of the overcharge or underpayment plus interest thereon at the rate of five percent (5%) per annum from the date of the overcharge or underpayment. The costs of the audit shall be borne by Prudential unless the overcharge or underpayment exceeds ten percent (10%), in which event Vendor shall bear the direct out-of-pocket costs of such audit.

Records; Audit. 13.12.1 19.11.1 All records used Prudential Records are at all times Prudential's property whether in the possession of Service Provider or generated under this Agreement are the property of Prudentialotherwise. As part of the Services, Vendor Service Provider agrees to keep and maintain all records used or generated under this Agreement as Prudential Records required for Prudential to comply with applicable laws and regulationsthe Law, in accordance with generally accepted industry standards and Prudential's record retention requirements and other Prudential Policies as communicated to Vendor Service Provider from time to time. Vendor Service Provider further agrees to comply with any record hold orders issued by Prudential requiring preservation of certain records Prudential Records for legal, regulatory or other purposes. Vendor Service Provider must maintain maintain, at its own cost and expense, a system to reasonably safeguard Prudential's records Prudential Records from loss, alteration or destruction. During the Retention Period, Vendor shall store one electronic copy of all destruction and will ensure that such records on computer storage media separate and apart from the original copies and segregated from Prudential Records are not commingled (or are logically separated) with the records of any Service Provider’s other of Vendor's customers. Vendor must Service Provider shall provide for reasonably prompt access to, and hard-copy reproduction of, any Prudential Record. At the end of any record so maintained. 13.12.2 Vendor agrees to keep and maintain all records used or generated under this Agreement during the Retention Period. , in accordance with Section 9.7.2, and upon Prudential’s written request, Service Provider shall deliver one copy of all retained - Prudential Confidential- Prudential Records in the physical format (i.e., electronic or hard copy) in which such Prudential Records were received from Prudential. 19.11.2 At no additional charge to Prudential, Vendor and its agents Service Provider shall, as and when reasonably so requested by Prudential or any regulatory agency acting pursuant to applicable laws, rules and regulationsPrudential, at all reasonable times and from time to time, time during the Retention Period, (Ia) make such records the Prudential Records available for inspection by such person or persons as Prudential designates as its authorized representatives, who shall have the right to take copies of or extracts from any records kept pursuant to this Agreementsuch Prudential Records, (iib) permit Prudential's authorized representatives or such regulatory agency to examine and make copies of that portion of any Vendorof Service Provider's external audit reports and opinions (including, but not limited to, including the external auditor's management letterletters, SAS 70 SSAE 16 SOC 2 Type II audit reports prepared in accordance with Statement of Auditing Standards for Attestation Engagements No. 70, and other reports16) or an agreed-upon procedure report which relates to VendorService Provider's provision of the Services under this Agreement, Vendor's privacy, data and information security procedures and controls, and VendorService Provider's compliance with information security provisionsthe Security Regulations, (iiic) give Prudential's authorized representatives reasonable access, during regular business hours hours, to VendorService Provider's local officers, employees and other representatives, including attorneys, accountants and others, representatives in connection with such audit, audit and (ivd) provide such computer access, office space and furniture and telephone, photocopying and electric service as may be necessary or advisable for Prudential's authorized representatives to conduct such an audit. Service Provider agrees to comply with any additional requests Prudential acknowledges that it will not be provided access to any confidential information that belongs to vendor's other customers. At the end of may make during the Retention Period, Vendor will deliver two copies of all retained records in an electronic format reasonably acceptable to Prudential. 13.12.3 Vendor shall submit written reports on the progress of the Services performed hereunder and Vendor's compliance with the terms of this Agreement at least weekly, or when and as requested by Prudential. 13.12.4 If Prudential requires a copy of Vendor's end-to-end Type II SAS 70 audit of Vendor's provision of the Services, Vendor's privacy, data and information security procedures and controls, or Vendor's operations Period in order to comply with the Law. 19.11.3 Prudential may, or may have its authorized representatives, audit the Service Provider Records, Service Provider Service Locations and other records relating to Service Provider's provision of the Services at any time during the Term, but not more often than once annually. Service Provider shall give Prudential's legal authorized representatives complete access, during Service Provider's regular business hours, to Service Provider Records and regulatory obligationsto Service Provider's officers, Vendor employees and other representatives in connection with any such audit by Prudential. 19.11.4 If, as a result of any audit performed by Prudential or its authorized representatives under this Agreement, Prudential determines that Service Provider has overcharged or not properly credited Prudential, Service Provider shall promptly pay to Prudential the amount of the overcharge or credit. The costs of any audits performed by Prudential and its authorized representatives shall be borne by Prudential unless the overcharge or credit exceeds $75,000, in which event Service Provider shall bear the direct out of pocket costs of such audit (not to exceed $25,000). 19.11.5 If, as a result of any audit performed by Prudential or its authorized representatives under this Agreement, Prudential determines that Service Provider is not in compliance with this Agreement or Law, Service Provider shall promptly correct such noncompliance. Corrections required to remedy non-compliance with Law will follow the parameters set forth in Section 3.6.2 above. All other non-compliance issues should be remedied within five (5) business days of Service Provider’s receipt of written notice; provided, however, if it is not feasible to complete any remediation within five (5) business days, Service Provider shall provide Prudential with a copy plan for correcting such noncompliance within such 72-hour period, for Prudential's review and approval, with such remediation or cure to Prudential be completed no later than thirty (30) days thereafter. 19.11.6 Service Provider shall engage, on a yearly basis during the Term, at no charge its sole cost and as expense, an external auditor to conduct a SSAE 16 SOC 2 Type II report prepared in accordance with Standards for Attestation Engagements No. 16 or an agreed-upon procedure report which relates to Service Provider's provision of the Services and Service Provider's compliance with the Security Requirements. As soon as reasonably practicable following PrudentialService Provider's requestreceipt of such report during the Term, but no later than the that date necessary for Prudential and its officers - Prudential Confidential- and auditors to rely on such audit report for the purpose purposes of giving the certifications and opinions required under applicable lawLaws, includingincluding U.S. securities Laws, without limitationService Provider shall provide Prudential and its external auditors with a copy of such report to the extent related to the provision or receipt of the Services. 19.11.7 In addition to any rights afforded to Prudential under this Section, U.S. Securities laws. If Vendor engages an external auditor to conduct an endPrudential or its designated representatives may attend any or all of the Service Provider’s In-toDepth Conferences, which provide detailed audit information and in-end Type II SAS 70 audit of Vendor's operations, its privacy, data and depth in-person discussions with Service Provider’s senior executive team regarding Service Provider’s information security procedures and risk management processes and system testing results. The In-Depth Conferences provide Prudential with comprehensive vendor diligence information, including (i) a thorough, interactive review of Service Provider’s enterprise-wide security and system controls, or its provision and (ii) specific assessments of industry standards and best practices for financial technology information security and risk management. Currently, Service Provider offers four (4) In-Depth Conferences each year, with clients attending a two-day event onsite at different Service Provider facilities. As part of the Services, Vendor shall Service Provider will also provide a copy Prudential or its designated representatives with access to Prudential as soon as reasonably practicable following Vendor's receipt thereof; such audit shall also report on each of vendor's subcontractors its Service Provider portal and each location where Vendor furnishes the Servicesgovernance site. 13.12.5 If an auditor or certified public accountant determines that Vendor has overcharged or underpaid Prudential, Vendor shall promptly pay to prudential the amount of the overcharge or underpayment plus interest thereon at the rate of five percent (5%) per annum from the date of the overcharge or underpayment. The costs of the audit shall be borne by Prudential unless the overcharge or underpayment exceeds ten percent (10%), in which event Vendor shall bear the direct out-of-pocket costs of such audit.