SECURITY AND AUDITS. 6.1. Provider shall maintain appropriate technical and organizational measures equal or better than those described in Appendix 2 of this DPA and ensure they address the risks associated with transfers of Personal Data. Provider shall regularly monitor compliance with these measures and shall not materially decrease the overall security of the Solution for as long as Provider has Personal Data in its possession.
6.2. Provider shall make available to RSA and/or RSA’s independent third-party auditor, information regarding Provider’s compliance with the obligations set forth in this DPA. Provider shall permit RSA and/or its independent third-party auditor to: (a) audit Provider’s compliance with this DPA, and (b) inspect any Personal Data in the custody, control, or possession of Provider. Provider shall promptly respond to all RSA inquiries with respect to Provider’s handling of Personal Data.
6.3. RSA shall provide thirty (30) days’ notice, in writing, prior to an on-site audit. Before the on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. The audit shall take place during normal business hours. RSA shall notify Provider of any non-compliance discovered during the audit, and Provider shall use commercially reasonable efforts to address the non-compliance.
SECURITY AND AUDITS. HireVue is and shall remain ISO 27001 certified and is audited against SSAE 16 SOC 2 standards by independent third party auditors. Upon request, HireVue shall provide a summary copy of its most recent audit report(s) to Buyer, which reports shall be subject to HireVue's confidentiality terms.
7.3.1 While it is the parties' intention ordinarily to rely on the provision of the security reports and information at 7.3 above to verify HireVue's compliance with this DPA, HireVue shall permit Buyer (or its appointed third party auditors) to carry out an audit of its processing of Personal Data under the Agreement following a Security Incident suffered by HireVue, or upon the lawful instruction of a data protection authority. Buyer must give HireVue reasonable prior notice of such intention to audit, conduct its audit during normal business hours, take all reasonable measures to prevent unnecessary disruption to HireVue's operations and be subject to HireVue's standard confidentiality and security terms.
SECURITY AND AUDITS. Taking into account the state of the art, the Company shall maintain all industry-standard technical and organizational measures required pursuant to Article 32 of the GDPR. Upon Customer’s written request at reasonable intervals (subject to the confidentiality obligations) the Company shall make available to Customer relevant information that is necessary to demonstrate compliance with the obligations laid down in this Section (provided, however, that such information shall only be used by Customer to assess compliance with this Section, and shall not be disclosed to any third party without the Company’s prior written approval). At Customer’s cost and expense, the Company shall allow audits conducted by the Customer or a reputable auditor mandated by Customer and subject to a confidentiality undertaking (and who is not a competitor of the Company), provided that the Parties shall agree on the scope, methodology and timing of such audits and inspections. Notwithstanding anything to the contrary, such audits and/or inspections shall not contain any information, including without limitation, Personal Data that is not controlled by Customer.
SECURITY AND AUDITS. 5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Agent shall implement appropriate technical and organisational measures to ensure a level of security in respect of the Personal Data appropriate to the risk. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
5.2 The security measures taken by the Agent are listed in Schedule 2. The Agent shall specifically inform the Relevant Controller in writing of any intended changes to that list, thereby giving the Relevant Controller sufficient time to be able to object to such changes prior to the effectuation of the change. The Agent shall provide the Relevant Controller with the information reasonably requested by the Relevant Controller to enable the Relevant Controller to exercise the right to object. In the event the Relevant Controller objects and the Agent cannot comply with the objections made, the Agent shall inform the Relevant Controller hereof in writing as soon as reasonably practicable and the Agent and the Relevant Controller shall as a sole remedy have the termination rights set out in Clause 5.1(b) and 5.2, respectively, of the Deposit Agreement, without any costs or damages being due by any party to this Agreement in connection therewith.
5.3 The Agent shall keep the Personal Data and the conditions under which they are processed in complete confidence and guarantees that its employees with access to the Personal Data are bound to keep the Personal Data and the conditions under which they are processed strictly confidential and will only process the Personal Data to carry out the written instructions of the Relevant Controller for the purposes of the Deposit Agreement.
5.4 The parties to this Agreement must be able to demonstrate compliance with this Agreement. The Agent shall make available to the Transferor, the CBC and the Security Trustee all information requested to demonstrate compliance with this Agreement and shall at the request of the Transferor, the CBC or the Security Trustee allow for and contribute to audits including inspections conducted by...
SECURITY AND AUDITS. 5.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Agent shall implement appropriate technical and organisational measures to ensure a level of security in respect of the Personal Data appropriate to the risk. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by the Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
5.2 The security measures taken by the Agent are listed in Schedule 2 and the Agent shall upon request provide a written update thereof to the Transferor, the CBC and the Security Trustee.
5.3 The Agent shall keep the Personal Data in complete confidence and guarantees that its employees with access to the Personal Data are bound to keep the Personal Data strictly confidential and will only process the Personal Data to carry out the written instructions of the Relevant Controller in accordance with the Deposit Agreement.
5.4 The Agent shall make available to the Transferor, the CBC and the Security Trustee all information requested to demonstrate compliance with this Agreement and shall at the request of the Transferor, the CBC and the Security Trustee allow for and contribute to audits including inspections conducted by the Transferor, the CBC and the Security Trustee or a third party or auditor mandated by any of them.
SECURITY AND AUDITS. 7.1 Sourcegraph will implement and maintain appropriate technical and organizational data protection and security measures designed to ensure security of Customer Personal Data, including, without limitation, protection against unauthorized or unlawful processing (including, without limitation, unauthorized or unlawful disclosure of, access to and/or alteration of Customer Personal Data) and against accidental loss, destruction, or damage of or to it.
7.2 Sourcegraph will implement and maintain as a minimum standard the measures set out in Schedule 2. Sourcegraph may update or modify the security measures set out in Schedule 2 from time to time, including (where applicable) following any review by Sourcegraph of such measures in accordance with clause 8.6 of the SCCs, provided that such updates and/or modifications will not reduce the overall level of protection afforded to the Customer Personal Data by Sourcegraph under this DPA.
7.3 With respect to any audits the Parties agree that:
(a) all such audits shall be conducted:
(i) on reasonable written notice to Sourcegraph;
(ii) no more than once per year, unless there are specific indications that require a more frequent audit or or to the extent further audits are required by applicable data protection laws;
(iii) only during Sourcegraph’s normal business hours; and
(iv) in a manner that does not disrupt Sourcegraph‘s business;
(b) the Customer shall:
(i) enter into a confidentiality agreement with Sourcegraph prior to conducting the audit; and
(ii) ensure that its personnel comply with Sourcegraph’s policies and procedures when attending Sourcegraph’s premises, as notified to the Customer by Sourcegraph.
7.4 To conduct such audit, Customer may engage an independent third-party auditor, subject to such auditor complying with the requirements under Clause 7.3 and provided that such auditors is suitably qualified and independent.
7.5 Upon request, Sourcegraph shall provide to Customer documentation reasonably evidencing the implementation of the technical and organizational data security measures in accordance with industry standards.
7.6 Customer will promptly notify Sourcegraph of any non-compliance discovered during the audit.
7.7 Customer shall bear the costs for any audit initiated by Customer, unless the audit reveals material non-compliance with this DPA.
SECURITY AND AUDITS. HireVue shall regularly, and no less than annually, undergo third party audits against ISO 27001 and SSAE 16 SOC 2 standards for its Services. . Upon written request, HireVue shall provide available a summary copy of its most recent audit report(s) to Buyer. Disclosure of any such audit report shall be subject to HireVue's confidentiality terms. HireVue does not currently have third party audits available for its Hiring Assistant Services, but shall provide such third party audit reports, upon written request, when available.
7.3.1 While it is the parties' intention ordinarily to rely on the provision of the security reports and information at 7.3 above to verify HireVue's compliance with this DPA, HireVue shall permit Buyer (or its appointed third-party auditors) to carry out an audit of its processing of Personal Data under the Agreement following a Security Incident suffered by HireVue, or upon the lawful instruction of a data protection authority. Buyer must give HireVue reasonable prior notice of such intention to audit, conduct its audit during normal business hours, take all reasonable measures to prevent unnecessary disruption to HireVue's operations and be subject to HireVue's standard confidentiality and security terms.
SECURITY AND AUDITS. 8.1 SUSE may, by written notice to the Customer, vary the security measures set out at Technical and Organisational Measures Addendum, provided that such variation does not reduce the overall level of protection afforded to the Customer Personal Data by SUSE under this DPA.
8.2 With respect to any audits conducted under clauses 7.6(c) and (d) of the Processor Clauses, the Parties agree that:
(a) all such audits shall be conducted:
(i) on reasonable written notice to SUSE;
(ii) only during SUSE's normal business hours; and
(iii) in a manner that does not disrupt XXXX's business; and
(b) the Customer (or, where applicable, a third party independent auditor appointed by the Customer) shall:
(i) enter into a confidentiality agreement with SUSE prior to conducting the audit in such form as SUSE may request; and
(ii) ensure that its personnel comply with the SUSE's and any sub- processor's policies and procedures when attending the Processor's or sub-processor's premises, as notified to the Customer by the Processor or sub-processor.
SECURITY AND AUDITS. 7.1 With respect to any audits conducted under clauses 8.9(c) and (d) of the SCC, the Parties agree that all such audits shall be conducted:
(a) on reasonable written notice to the Company;
(b) only during the Company's normal business hours; and
(c) in a manner that does not disrupt the Company's business;
7.2 The Customer (or, where applicable, a third party independent auditor appointed by the Customer) shall:
(a) enter into a confidentiality agreement with the Company prior to conducting the audit in such form as the Company may request; and
(b) ensure that its personnel comply with the Company's and any sub-processor's policies and procedures when attending the Company's or sub-processor's premises, as notified to the Customer by the Company or sub-processor.
SECURITY AND AUDITS. 7.1 The Company may, by written notice to the Customer, vary the security measures set out in Schedule 4, including (where applicable) following any review by the Company of such measures in accordance with clause 8.6 of the SCC, provided that such variation does not reduce the overall level of protection afforded to the Customer Personal Data by the Company under this DPA.
7.2 With respect to any audits conducted under clauses 8.9(c) and (d) of the SCC, the Parties agree that:
(a) all such audits shall be conducted:
(i) on reasonable written notice to the Company;
(ii) only during the Company's normal business hours; and
(iii) in a manner that does not disrupt the Company's business;
(b) the Customer (or, where applicable, a third party independent auditor appointed by the Customer) shall:
(i) enter into a confidentiality agreement with the Company prior to conducting the audit in such form as the Company may request; and
(ii) [be able to perform audits on Company's or sub-processor's premises, if Customer has justifiable reason to believe that Company is not complying with this DPA including the SCC, once per year (unless there are specific indications that require a more frequent inspection); and]
(iii) ensure that its personnel comply with the Company's and any sub-processor's policies and procedures when attending the Company's or sub-processor's premises, as notified to the Customer by the Company or sub-processor.
