Security Reports and Audits. 7.1 Customer acknowledges that MailChimp is regularly audited against SSAE 16 and PCI standards by independent third party auditors and internal auditors, respectively. Upon request, MailChimp shall supply (on a confidential basis) a summary copy of its audit report(s) ("Report") to Customer, so that Customer can verify MailChimp's compliance with the audit standards against which it has been assessed, and this DPA.
7.2 MailChimp shall also provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires that are necessary to confirm MailChimp's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.
Security Reports and Audits. 12.1. Upon request, MailerLite shall supply, on a confidential basis, a copy of its audit reports to Customer, so that Customer can verify MailerLite's compliance with the audit standards and this Agreement.
12.2. MailerLite shall also provide written responses, on a confidential basis, to all Customer’s reasonable requests for information to confirm MailerLite's compliance with this Agreement.
12.3. Upon becoming aware of any unauthorized or unlawful breach of security, MailerLite shall notify Customer without undue delay and shall provide timely information as it becomes known or as is reasonably requested by Customer.
Security Reports and Audits. 7.1 Customer acknowledges that Pleo is regularly audited against PCI standards by independent third party auditors and internal auditors, respectively.
7.2 Pleo shall provide written responses (on a confidential basis) to reasonable requests for information made by Customer, including responses to information security and audit questionnaires that are necessary to confirm Pleo's compliance with this DPA, provided that Customer shall not exercise this right more than once per year. Depending on the volume of request, certain lead time is to be expected.
7.3 Upon Customer’s request, and subject to the confidentiality obligations set forth in the data processing addendum, Pleo shall make available to Customer that is not a competitor of Pleo (or Customer’s independent, third party auditor that is not a competitor of Pleo) information regarding Pleo’s compliance with the obligations set forth in the DPA. Customer is entitled to contact Pleo to request an onsite audit of the architecture, systems and procedures relevant to the protection of Personal Data at locations where Personal Data is stored. Customer shall reimburse Pleo for any time expended by Pleo or its third party Subprocessors for any such onsite audit at Pleo’s then current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such onsite audit, Customer and Pleo shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All costs will be documented, and reimbursement rates shall be reasonable, taking into account the resources expended by Pleo, or its third party Subprocessors. Customer shall promptly notify Pleo with information regarding any noncompliance discovered during the course of an audit. This procedure may be instigated a maximum of once per year and with a minimum of ninety (90) days notice to Pleo.
Security Reports and Audits. 2.1 Where the Processor is audited against PCI standards, it shall supply (on a confidential basis) a copy of its annual attestation of compliance and certificate of compliance ("Reports") to Controller within 5 Business Days of Controller’s written request, to enable Controller verify Processor's compliance with the audit standards against which it has been assessed and this Agreement.
2.2 In addition to the Reports, Processor shall respond to all reasonable requests for information made by Controller to confirm Processor's compliance with this Agreement, including responses to information security, due diligence, and audit questionnaires, by making additional information available regarding its information security program upon Controller’s written request, provided that Controller shall not exercise this right more than once per calendar year.
2.3 Where the Processor is not audited against PCI standards, the Processor shall allow for audit inspections by Controller or Controller’s nominated consultant in order to assess compliance with this Agreement and Data Protection Laws. Processor shall also make available to Controller all information reasonably necessary to demonstrate compliance with this Agreement and the Data Protection Laws.
2.4 In addition to the audit inspections, Processor, shall respond to all reasonable requests for information made by Controller or Controller’s consultant to confirm Processor's compliance with this Agreement, including responses to information security, due diligence, and audit questionnaires, by making additional information available regarding its information security program upon Controller’s or Controller’s consultant written request.
Security Reports and Audits. 7.1 Lookout is audited against data protection and information security standards ISO27001 on an annual schedule by independent third-party auditors. Upon request, Lookout shall supply (on a confidential basis) a summary copy of its audit report(s) ("Report") to Customer, so that Customer can verify Lookout's compliance with the audit standards against which it has been assessed, and this DPA.
7.2 Lookout shall also provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires that are necessary to confirm Lookout's compliance with this DPA, provided that Customer shall not exercise this right more than once per year. The parties agree that Customer shall exercise its audit rights under the Standard Contractual Clauses by instructing Lookout to comply with the audit measures described in this Section 7.
Security Reports and Audits. 1Where the Processor is audited against PCI standards, it shall supply (on a confidential basis) a copy of its annual attestation of compliance and certificate of compliance ("Reports") to Controller within 5 Business Days of Controller’s written request, to enable Controller verify Processor's compliance with the audit standards against which it has been assessed and this Agreement.
Security Reports and Audits. 5.1 Audit rights. Mailchimp shall make available to Customer all information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections by Customer in order to assess compliance with this DPA. Customer acknowledges and agrees that it shall exercise its audit rights under this DPA (including this Section 5.1 and where applicable, the SCCs) by instructing Mailchimp to comply with the audit measures described in Sections 5.2 and 5.3 below.
5.2 Security reports. Customer acknowledges that Mailchimp is regularly audited against SSAE 16 and PCI standards by independent third party auditors and internal auditors respectively. Upon written request, Mailchimp shall supply (on a confidential basis) a summary copy of its most current audit report(s) ("Report") to Customer, so that Customer can verify Mailchimp's compliance with the audit standards against which it has been assessed and this DPA.
Security Reports and Audits. 5.1 Bench shall maintain records of its security standards. Upon Customer's written request, Bench shall provide (on a confidential basis) copies of relevant certifications, audit report summaries and/or other documentation reasonably required by Customer to verify Bench's compliance with this DPA. Bench shall further provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Bench's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.
Security Reports and Audits. 5.1 Supplier shall maintain records of its security standards. Supplier shall provide written responses (on a confidential basis) to all reasonable requests for information made by Customer, including responses to information security and audit questionnaires, that Customer (acting reasonably) considers necessary to confirm Supplier's compliance with this DPA, provided that Customer shall not exercise this right more than once per year.
5.2 Supplier may assert a claim for remuneration for enabling these inspections.
Security Reports and Audits. Any provision of security attestation or audit reports shall take place in accordance with Customer’s rights under the Agreement. If the Agreement does not include a provision regarding security attestation or audit reports, iManage shall (a) maintain security practices and policies for the protection of Customer Data as set forth in the written data security policy for the Cloud Services, and (b) upon Customer’s request (not more than one time per calendar year), and subject to the confidentiality and non-disclosure obligations set forth in the Agreement, iManage shall make available to Customer information regarding iManage’s compliance with the obligations set forth in the Agreement and this DPA in the form of iManage’s ISO 27001 certification and/or SOC 2 or SOC 3 reports. If the Agreement does not include audit rights, iManage shall allow Customer (or an independent third-party auditor appointed by Customer), at Customer’s sole cost and expense, upon Customer’s written request at reasonable intervals, to conduct an audit of the procedures relevant to the protection of Customer Personal Data, subject to the confidentiality provisions of the Agreement. Customer and iManage will discuss and agree in advance on the reasonable start date, scope and duration of, and security and confidentiality controls applicable to, any audit and Customer shall take all necessary steps to minimize the disruption to iManage’s business. iManage may elect to provide Customer with documents and records demonstrating its compliance with the obligations of this DPA and Customer shall refrain from exercising its audit right if the records are sufficient to demonstrate compliance with this DPA. Neither Customer nor any independent third-party auditor appointed by Customer shall have access to any data from iManage’s other customers or to iManage’s systems or facilities not involved in the Cloud Services.
