Third-Party Certifications and Audits. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per each calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality should be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion. 
Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 shall conform to the following requirements: (i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the Customer. In this event, Contentsquare will be deemed to have satisfied Customer's right to audit.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Third-Party Certifications and Audits. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per each calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality should be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion.
Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 7.2 shall conform to the following requirements: (i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 2 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 2 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the Customer. In this event, Contentsquare will be deemed to have satisfied Customer's right to audit.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Third-Party Certifications and Audits. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per each calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality should be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion. 
Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 shall conform to the following requirements: (i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the CustomerClient. In this event, Contentsquare will be deemed to have satisfied Customer's right to audit.
Appears in 1 contract
Samples: Data Processing Agreement
Third-Party Certifications and Audits. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per each calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality should be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion. Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 shall conform to the following requirements:
(i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the Customer. In this event, Contentsquare will be deemed to have satisfied Customer's right to audit.
Appears in 1 contract
Samples: Data Processing Agreement
Third-Party Certifications and Audits. Each calendar year6.2.1 ConnectWise has obtained the third-party certifications and audits set forth within its Security, Contentsquare Privacy and Architecture Documentation. Upon Client’s written request (and, where Client is a Processor, shall engage reflect the instructions of its Controller) at reasonable intervals, and subject to the confidentiality Obligations set forth in the Agreement, ConnectWise shall make available to Client (and, where Client is a Processor, its Controller), that is not a competitor of ConnectWise (or Client’s independent, third-party auditor that is not a competitor of ConnectWise) a copy of ConnectWise’s then most recent third-party audits or certifications, as applicable, and to the extent ConnectWise makes them generally available to its Clients.
6.2.2 Client may contact ConnectWise (providing they render reasonable notice) and request an appropriately recognized accreditor to conduct an in-person audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls On-Site Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice ) of the procedures relevant to Contentsquare (no less than thirty (30) days)the protection of Personal Data pursuant to this DPA, provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of ContentsquareClient conducts the On-Site Audit during ConnectWise’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properlynormal business hours, and in takes all reasonable measures to prevent any event no unnecessary disruption(s) to ConnectWise, and Client does not exercise its right to an On-Site Audit more than once per each calendar year (a “Technology Security year. Client shall reimburse ConnectWise for any time expended for an On-Site Audit at the ConnectWise Group’s then-current professional services rates, which shall be made available to Client upon request. Before the commencement of an On-Site Audit”), the Parties shall mutually agree upon the scope, timing, and duration of the On-Site Audit in addition to the reimbursement rate for which Client shall be responsible. Arising deficiencies and their associated criticality should All reimbursement rates shall be reviewed and mutually agreed on reasonable, taking into account the resources expended by both PartiesConnectWise. 
Contentsquare Client shall promptly address all critical deficiencies, concerns or recommendations arising out notify ConnectWise in writing with any findings of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss non-compliance discovered during the matter in good faith until its conclusion. Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 shall conform to the following requirements: (i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost course of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the Customer. In this event, Contentsquare will be deemed to have satisfied Customer's right to auditOn-Site Audit.
Appears in 1 contract
Samples: Data Processing Addendum