SECURITY AND AUDITS. 6.1. Provider shall maintain appropriate technical and organizational measures equal or better than those described in Appendix 2 of this DPA and ensure they address the risks associated with transfers of Personal Data. Provider shall regularly monitor compliance with these measures and shall not materially decrease the overall security of the Solution for as long as Provider has Personal Data in its possession. 6.2. Provider shall make available to RSA and/or RSA’s independent third-party auditor, information regarding Provider’s compliance with the obligations set forth in this DPA. Provider shall permit RSA and/or its independent third-party auditor to: (a) audit Provider’s compliance with this DPA, and (b) inspect any Personal Data in the custody, control, or possession of Provider. Provider shall promptly respond to all RSA inquiries with respect to Provider’s handling of Personal Data. 6.3. RSA shall provide thirty (30) days’ notice, in writing, prior to an on-site audit. Before the on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. The audit shall take place during normal business hours. RSA shall notify Provider of any non-compliance discovered during the audit, and Provider shall use commercially reasonable efforts to address the non-compliance.
Appears in 3 contracts
Samples: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum
SECURITY AND AUDITS. 6.1. Provider shall maintain appropriate technical and organizational measures equal or better than those described in Appendix 2 of this DPA and ensure they address the risks associated with transfers of Personal DataDPA. Provider shall regularly monitor compliance with these measures and shall not materially decrease the overall security of the Solution for as long as during the term of the Provider has Personal Data in its possessionAgreement.
6.2. Provider shall make available to RSA and/or RSA’s independent third-party auditor, information regarding Provider’s compliance with the obligations set forth in this DPA. Provider shall permit RSA and/or its independent third-party auditor to: (a) audit Provider’s compliance with this DPA, and (b) inspect any Personal Data in the custody, control, or possession of Provider. Provider shall promptly respond to all RSA inquiries with respect to Provider’s handling of Personal Data.
6.3. RSA shall provide thirty (30) days’ notice, in writing, prior to an on-site audit. Before the on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. The audit shall take place during normal business hours. RSA shall notify Provider of any non-compliance discovered during the audit, and Provider shall use commercially reasonable efforts to address the non-compliance.
Appears in 2 contracts
Samples: Data Processing Addendum, Data Protection Agreement
SECURITY AND AUDITS. 6.1. Provider shall maintain appropriate technical and organizational measures equal or better than those described in Appendix 2 of this DPA and ensure they address the risks associated with transfers of Personal DataDPA. Provider shall regularly monitor compliance with these measures and shall not materially decrease the overall security of the Solution for as long as during the term of the Provider has Personal Data in its possessionAgreement.
6.2. Provider shall make available to RSA NetWitness and/or RSA’s NetWitness’ independent third-party auditor, information regarding Provider’s compliance with the obligations set forth in this DPA. Provider shall permit RSA NetWitness and/or its independent third-party auditor to: (a) audit Provider’s compliance with this DPA, and (b) inspect any Personal Data in the custody, control, or possession of Provider. Provider shall promptly respond to all RSA NetWitness inquiries with respect to Provider’s handling of Personal Data.
6.3. RSA NetWitness shall provide thirty (30) days’ notice, in writing, prior to an on-site audit. Before the on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. The audit shall take place during normal business hours. RSA NetWitness shall notify Provider of any non-compliance discovered during the audit, and Provider shall use commercially reasonable efforts to address the non-compliance.
Appears in 1 contract
Samples: Data Processing Addendum