SECURITY AND AUDITS. 6.1. Provider shall maintain appropriate technical and organizational measures equal or better than those described in Appendix 2 of this DPA and ensure they address the risks associated with transfers of Personal Data. Provider shall regularly monitor compliance with these measures and shall not materially decrease the overall security of the Solution for as long as Provider has Personal Data in its possession.
6.2. Provider shall make available to RSA and/or RSA’s independent third-party auditor, information regarding Provider’s compliance with the obligations set forth in this DPA. Provider shall permit RSA and/or its independent third-party auditor to: (a) audit Provider’s compliance with this DPA, and (b) inspect any Personal Data in the custody, control, or possession of Provider. Provider shall promptly respond to all RSA inquiries with respect to Provider’s handling of Personal Data.
6.3. RSA shall provide thirty (30) days’ notice, in writing, prior to an on-site audit. Before the on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. The audit shall take place during normal business hours. RSA shall notify Provider of any non-compliance discovered during the audit, and Provider shall use commercially reasonable efforts to address the non-compliance.
SECURITY AND AUDITS. HireVue is and shall remain ISO 27001 certified and is audited against SSAE 16 SOC 2 standards by independent third party auditors. Upon request, HireVue shall provide a summary copy of its most recent audit report(s) to Buyer, which reports shall be subject to HireVue's confidentiality terms.
7.3.1 While it is the parties' intention ordinarily to rely on the provision of the security reports and information at 7.3 above to verify HireVue's compliance with this DPA, HireVue shall permit Buyer (or its appointed third party auditors) to carry out an audit of its processing of Personal Data under the Agreement following a Security Incident suffered by HireVue, or upon the lawful instruction of a data protection authority. Buyer must give HireVue reasonable prior notice of such intention to audit, conduct its audit during normal business hours, take all reasonable measures to prevent unnecessary disruption to HireVue's operations and be subject to HireVue's standard confidentiality and security terms.
SECURITY AND AUDITS. Taking into account the state of the art, the Company shall maintain all industry-standard technical and organizational measures required pursuant to Article 32 of the GDPR. Upon Customer’s written request at reasonable intervals (subject to the confidentiality obligations) the Company shall make available to Customer relevant information that is necessary to demonstrate compliance with the obligations laid down in this Section (provided, however, that such information shall only be used by Customer to assess compliance with this Section, and shall not be disclosed to any third party without the Company’s prior written approval). At Customer’s cost and expense, the Company shall allow audits conducted by the Customer or a reputable auditor mandated by Customer and subject to a confidentiality undertaking (and who is not a competitor of the Company), provided that the Parties shall agree on the scope, methodology and timing of such audits and inspections. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that is not controlled by Customer.
SECURITY AND AUDITS. 7.1 Sourcegraph will implement and maintain appropriate technical and organizational data protection and security measures designed to ensure security of Customer Personal Data, including, without limitation, protection against unauthorized or unlawful processing (including, without limitation, unauthorized or unlawful disclosure of, access to and/or alteration of Customer Personal Data) and against accidental loss, destruction, or damage of or to it.
7.2 Sourcegraph will implement and maintain as a minimum standard the measures set out in Schedule 2. Sourcegraph may update or modify the security measures set out in Schedule 2 from time to time, including (where applicable) following any review by Sourcegraph of such measures in accordance with clause 8.6 of the SCCs, provided that such updates and/or modifications will not reduce the overall level of protection afforded to the Customer Personal Data by Sourcegraph under this DPA.
7.3 With respect to any audits the Parties agree that:
(a) all such audits shall be conducted:
(i) on reasonable written notice to Sourcegraph;
(ii) no more than once per year, unless there are specific indications that require a more frequent audit or or to the extent further audits are required by applicable data protection laws;
(iii) only during Sourcegraph’s normal business hours; and
(iv) in a manner that does not disrupt Sourcegraph‘s business;
(b) the Customer shall:
(i) enter into a confidentiality agreement with Sourcegraph prior to conducting the audit; and
(ii) ensure that its personnel comply with Sourcegraph’s policies and procedures when attending Sourcegraph’s premises, as notified to the Customer by Sourcegraph.
7.4 To conduct such audit, Customer may engage an independent third-party auditor, subject to such auditor complying with the requirements under Clause 7.3 and provided that such auditors is suitably qualified and independent.
7.5 Upon request, Sourcegraph shall provide to Customer documentation reasonably evidencing the implementation of the technical and organizational data security measures in accordance with industry standards.
7.6 Customer will promptly notify Sourcegraph of any non-compliance discovered during the audit.
7.7 Customer shall bear the costs for any audit initiated by Customer, unless the audit reveals material non-compliance with this DPA.
SECURITY AND AUDITS. 5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Agent shall implement appropriate technical and organisational measures to ensure a level of security in respect of the Personal Data appropriate to the risk. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
5.2 The security measures taken by the Agent are listed in Schedule 2 and the Agent shall upon request provide a written update thereof to the Transferor, the CBC and the Security Trustee.
5.3 The Agent shall keep the Personal Data in complete confidence and guarantees that its employees with access to the Personal Data are bound to keep the Personal Data strictly confidential and will only process the Personal Data to carry out the written instructions of the Relevant Controller in accordance with the Deposit Agreement.
5.4 The Agent shall make available to the Transferor, the CBC and the Security Trustee all information requested to demonstrate compliance with this Agreement and shall at the request of the Transferor, the CBC or the Security Trustee allow for and contribute to audits including inspections conducted by the Transferor, the CBC and the Security Trustee or a third party or auditor mandated by any of them.
SECURITY AND AUDITS. 5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Agent shall implement appropriate technical and organisational measures to ensure a level of security in respect of the Personal Data appropriate to the risk. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
5.2 The security measures taken by the Agent are listed in Schedule 2 The Agent shall specifically inform the Relevant Controller in writing of any intended changes of that list, thereby giving the Relevant Controller sufficient time to be able to object to such changes prior to the effectuation of the change. The Agent shall provide the Relevant Controller with the information reasonably requested by the Relevant Controller to enable the Relevant Controller to exercise the right to object. In the event the Relevant Controller objects and the Agent cannot comply with the objections made, the Agent shall inform the Relevant Controller hereof in writing as soon as reasonably practicable and the Agent and the Relevant Controller shall as a sole remedy have the termination rights set out in Clause 5.1(b) and 5.2, respectively, of the Deposit Agreement, without any costs or damages being due by any party to this Agreement in connection therewith.
5.3 The Agent shall keep the Personal Data and the conditions under which they are processed in complete confidence and guarantees that its employees with access to the Personal Data are bound to keep the Personal Data and the conditions under which they are processed strictly confidential and will only process the Personal Data to carry out the written instructions of the Relevant Controller for the purposes of the Deposit Agreement.
5.4 The parties to this Agreement must be able to demonstrate compliance with this Agreement. The Agent shall make available to the Transferor, the CBC and the Security Trustee all information requested to demonstrate compliance with this Agreement and shall at the request of the Transferor, the CBC and the Security Trustee allow for and contribute to audits including inspections conducted by...
SECURITY AND AUDITS. 15.1 Vendor promptly shall adopt and implement any reasonable security procedures requested by Client to protect confidential information of Client from improper disclosure or use, such procedures to be reasonably acceptable to Client and in compliance with all applicable regulatory requirements.
15.2 Upon twenty four hours notice, Vendor shall from time to time during regular business hours permit Client representatives to perform security audits of Vendor's facilities and equipment, and such other audits as may be necessary to ensure Vendor's compliance with the terms and conditions of this Agreement.
SECURITY AND AUDITS. 6.1. Provider shall maintain appropriate technical and organizational measures equal to or better than those described in Appendix 2 of this DPA and ensure they address the risks associated with transfers of Personal Data. Provider shall regularly monitor compliance with these measures and shall not materially decrease the overall security of the Solution for as long as Provider has Personal Data in its possession.
6.2. Provider shall make available to NetWitness and/or NetWitness’ independent third-party auditor, information regarding Provider’s compliance with the obligations set forth in this DPA. Provider shall permit NetWitness and/or its independent third-party auditor to: (a) audit Provider’s compliance with this DPA, and (b) inspect any Personal Data in the custody, control, or possession of Provider. Provider shall promptly respond to all NetWitness inquiries with respect to Provider’s handling of Personal Data.
6.3. NetWitness shall provide thirty (30) days’ notice, in writing, prior to an on-site audit. Before the on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. The audit shall take place during normal business hours. NetWitness shall notify Provider of any non-compliance discovered during the audit, and Provider shall use commercially reasonable efforts to address the non-compliance.
SECURITY AND AUDITS. 6.1. Provider shall maintain appropriate technical and organizational measures equal or better than those described in Appendix 2 of this DPA. Provider shall regularly monitor compliance with these measures and shall not materially decrease the overall security of the Solution during the term of the Provider Agreement.
6.2. Provider shall make available to SecurID and/or SecurID’s independent third-party auditor, information regarding Provider’s compliance with the obligations set forth in this DPA. Provider shall permit SecurID and/or its independent third-party auditor to: (a) audit Provider’s compliance with this DPA, and (b) inspect any Personal Data in the custody, control, or possession of Provider. Provider shall promptly respond to all SecurID inquiries with respect to Provider’s handling of Personal Data.
6.3. SecurID shall provide thirty (30) days’ notice, in writing, prior to an on-site audit. Before the on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. The audit shall take place during normal business hours. SecurID shall notify Provider of any non-compliance discovered during the audit, and Provider shall use commercially reasonable efforts to address the non-compliance.
SECURITY AND AUDITS. D.8.1 The Customer's internal and external auditors and the Norwegian Financial Supervisory Authority have the right to demand information and reporting, and have the right to access and to demand information about Maestro Soft's operations, to the extent that it is relevant for the services provided under the Agreement. This right applies similarly to Maestro Soft's subcontractors. The right to audit and control will be linked to Maestro Soft's compliance with legal and contractual obligations, the performance of the service and Maestro Soft's business in general as far as it is linked to the service delivery.
D.8.2 The Customer's need for access is primarily sought to be met through access to independent audit arrangements, such as SOC I, II and III reports, ISO certifications, etc. If the Customer's statutory obligations to provide risk management and internal control with outsourced operations are not satisfactorily covered through independent audit arrangements or other documentation from Maestro Soft, an on-site audit can be carried out.
D.8.3 Implementation of the right of access: The time and scope of the audit must be agreed between the Parties before access is granted. The Customer's carrying out of the audit or inspection requires a signed non-disclosure agreement. Information regarding the Customer's competitors, Maestro Soft's business secrets and other Customer data will in all cases not be covered by the right of access.
D.8.4 Reasonable expenses for work and costs in connection with audit and control as mentioned in sections D.8.1 and 8.3 shall be compensated by the Customer according to the time elapsed as consultancy assistance, as shown in Maestro Soft's price list as it is available on the Website at all times. Remuneration for inspection of documentation as mentioned in section D.8.2 is agreed separately but will usually be free of charge in regard to Maestro Soft's own documents.