Security Reports and Audits Sample Clauses

Security Reports and Audits. 12.1. Upon request, MailerLite shall supply, on a confidential basis, a copy of its audit reports to Customer, so that Customer can verify MailerLite's compliance with the audit standards and this Agreement. 12.2. MailerLite shall also provide written responses, on a confidential basis, to all Customer’s reasonable requests for information to confirm MailerLite's compliance with this Agreement. 12.3. Upon becoming aware of any unauthorized or unlawful breach of security, MailerLite shall notify Customer without undue delay and shall provide timely information as it becomes known or as is reasonably requested by Customer.

Security Reports and Audits. (a) To the extent Customer’s audit requirements under the Standard Contractual Clauses or Data Protection Legislation cannot reasonably be satisfied through (i) audit reports provided by iManage, (ii) documentation, or (iii) other compliance information that iManage makes generally available to its customers, iManage will, not more than one time per calendar year, promptly respond to Customer’s audit requests. Before the commencement of an audit, Customer and iManage will mutually agree upon the scope, timing, duration, control and evidence requirements, and fees for the audit, provided that this requirement to agree will not permit iManage to unreasonably delay performance of the audit. To the extent needed to perform the audit, iManage will make the processing systems, facilities and supporting documentation relevant to the Processing of Customer Data and Personal Data by iManage, its Affiliates, and its Sub-Processors (where possible) available. Such an audit will be conducted by an independent, accredited third-party audit firm, during regular business hours, with reasonable advance notice to iManage (not less than twenty days), and subject to reasonable confidentiality and security procedures. Neither Customer nor the auditor shall have access to any data from iManage’s other customers or to iManage systems or facilities not involved in the Services. Customer is responsible for all costs and fees related to such audit, including all reasonable costs and fees for any and all time iManage expends for any such audit, in addition to the rates for services performed by iManage. If the audit report generated as a result of Customer’s audit includes any finding of material non-compliance, Customer shall share such audit report with iManage and iManage shall promptly cure any material non-compliance. (b) If the Standard Contractual Clauses apply, then this paragraph is in addition to Clause 5 paragraph f and Clause 12 paragraph 2 of the Standard Contractual Clauses. Nothing in this paragraph varies or modifies the Standard Contractual Clauses or affects any Supervisory Authority’s or Data Subject’s rights under the Standard Contractual Clauses or Data Protection Legislation.

Security Reports and Audits. 7.1 Lookout is audited against data protection and information security standards ISO27001 on an annual schedule by independent third-party auditors. Upon request, Lookout shall supply (on a confidential basis) a summary copy of its audit report(s) ("Report") to Customer, so that Customer can verify Lookout's compliance with the audit standards against which it has been assessed, and this DPA. 7.2 Lookout shall also provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires that are necessary to confirm Lookout's compliance with this DPA, provided that Customer shall not exercise this right more than once per year. The parties agree that Customer shall exercise its audit rights under the Standard Contractual Clauses by instructing Lookout to comply with the audit measures described in this Section 7.

Security Reports and Audits. 2.1 Where the Processor is audited against PCI standards, it shall supply (on a confidential basis) a copy of its annual attestation of compliance and certificate of compliance ("Reports") to Controller within 5 Business Days of Controller’s written request, to enable Controller verify Processor's compliance with the audit standards against which it has been assessed and this Agreement. 2.2 In addition to the Reports, Processor shall respond to all reasonable requests for information made by Controller to confirm Processor's compliance with this Agreement, including responses to information security, due diligence, and audit questionnaires, by making additional information available regarding its information security program upon Controller’s written request, provided that Controller shall not exercise this right more than once per calendar year. 2.3 Where the Processor is not audited against PCI standards, the Processor shall allow for audit inspections by Controller or Controller’s nominated consultant in order to assess compliance with this Agreement and Data Protection Laws. Processor shall also make available to Controller all information reasonably necessary to demonstrate compliance with this Agreement and the Data Protection Laws. 2.4 In addition to the audit inspections, Processor, shall respond to all reasonable requests for information made by Controller or Controller’s consultant to confirm Processor's compliance with this Agreement, including responses to information security, due diligence, and audit questionnaires, by making additional information available regarding its information security program upon Controller’s or Controller’s consultant written request.

Security Reports and Audits a. Audit Rights. Retrium shall make available to Customer all information reasonably necessary to demonstrate compliance with this Addendum and allow for and contribute to audits, including inspections by Customer in order to assess compliance with this Addendum. Customer acknowledges and agrees that it shall exercise its audit rights under this Addendum (including this Section 5a and where applicable, the Standard Contractual Clauses) and any audit rights granted by Data Protection Laws, by instructing Retrium to comply with the audit measures described in Sections 5b – 5d below.

Security Reports and Audits. Any provision of security attestation or audit reports shall take place in accordance with Customer’s rights under the Agreement. If the Agreement does not include a provision regarding security attestation or audit reports, iManage shall (a) maintain security practices and policies for the protection of Customer Data as set forth in the written data security policy for the Cloud Services, and (b) upon Customer’s request (not more than one time per calendar year), and subject to the confidentiality and non-disclosure obligations set forth in the Agreement, iManage shall make available to Customer information regarding iManage’s compliance with the obligations set forth in the Agreement and this DPA in the form of iManage’s ISO 27001 certification and/or SOC 2 or SOC 3 reports. If the Agreement does not include audit rights, iManage shall allow Customer (or an independent third-party auditor appointed by Customer), at Customer’s sole cost and expense, upon Customer’s written request at reasonable intervals, to conduct an audit of the procedures relevant to the protection of Customer Personal Data, subject to the confidentiality provisions of the Agreement. Customer and iManage will discuss and agree in advance on the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any audit and Customer shall take all necessary steps to minimize the disruption to iManage’s business. iManage may elect to provide Customer with documents and records demonstrating its compliance with the obligations of this DPA and Customer shall refrain from exercising its audit right if the records are sufficient to demonstrate compliance with this DPA. Neither Customer nor any independent third-party auditor appointed by Customer shall have access to any data from iManage’s other customers or to iManage’s systems or facilities not involved in the Cloud Services.

Security Reports and Audits. 5.1 Supplier shall maintain records of its security standards. Supplier shall provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Supplier's compliance with this DPA, provided that Customer shall not exercise this right more than once per year. 5.2 Supplier may assert a claim for remuneration for enabling these inspections.

Security Reports and Audits. At Customer’s request to the Tripwire Data Privacy Contact, Tripwire shall provide a copy of its most current available SOC2 audit report, if any, subject to the confidentiality terms of the Agreement. At Customer’s request to the Tripwire Data Privacy Contact, Tripwire shall allow Customer (or Customer’s independent third party auditor) to conduct an on-site audit of the procedures relevant to the protection of Personal Data, subject to the confidentiality provisions of the Agreement. Customer and Tripwire will discuss and agree in advance on the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit. Tripwire reserves the right to charge a fee (based on Tripwire’s reasonable costs) for any such audit, and Tripwire will provide further details of any applicable fee and the basis of its calculation to Customer in advance of such audit. Tripwire will also cooperate with any audit if and when required by instruction of a competent data protection authority under Applicable Data Protection Law, without fee.

Security Reports and Audits. 5.1 Audit rights. Mailchimp shall make available to Customer all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections by Customer in order to assess compliance with this DPA. Customer acknowledges and agrees that it shall exercise its audit rights under this DPA (including this Section 5.1 and where applicable, the SCCs) by instructing Mailchimp to comply with the audit measures described in Sections 5.2 and 5.3 below. 5.2 Security reports. Customer acknowledges that Mailchimp is regularly audited against SSAE 16 and PCI standards by independent third party auditors and internal auditors respectively. Upon written request, Mailchimp shall supply (on a confidential basis) a summary copy of its most current audit report(s) ("Report") to Customer, so that Customer can verify Mailchimp's compliance with the audit standards against which it has been assessed and this DPA.