Third Party Audits. The Parties acknowledge that Pancake uses external auditors to verify the adequacy of its security measures, including the security of the physical data centres from which Pancake provides its data processing services. This audit: • will be performed at least annually; • will be performed according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001; • will be performed by independent third-party security professionals at Pancake’s selection and expense; and • will result in the generation of an audit report affirming that Pancake’s data security controls achieve prevailing industry standards (including, without limitation, Service Organization Controls No. 2 (SOC2) in accordance with auditing standards in the Statements on Standards for Attestation Engagements No. 16 (SSAE16)) or such other alternative standards that are substantially equivalent to ISO 28001 (“Report”). Upon Customer’s written request at reasonable intervals, Pancake shall make available to Customer that is not a competitor of Pancake (or Customer’s independent, third-party auditor that is not a competitor of Pancake) a copy or a summary of Pancake’s most recent Report, as applicable.
Appears in 7 contracts
Samples: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum