Common use of Third-Party Certifications and Audits Clause in Contracts

Third-Party Certifications and Audits. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per each calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality should be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion. 
Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 shall conform to the following requirements: (i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the Customer. In this event, Contentsquare will be deemed to have satisfied Customer's right to audit.

Appears in 2 contracts

Samples: Data Processing Agreement, Data Processing Agreement


Third-Party Certifications and Audits. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per each calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality should be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion. 
Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 7.2 shall conform to the following requirements: (i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 2 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 2 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the Customer. In this event, Contentsquare will be deemed to have satisfied Customer's right to audit.

Appears in 2 contracts

Samples: Data Processing Agreement, Data Processing Agreement


Third-Party Certifications and Audits. Each calendar year, Contentsquare shall engage an appropriately recognized accreditor to conduct an audit in accordance with ISO 27001, ISO 27701, SOC 2 or other similarly recognized standards (a “Data Protection Controls Audit”). Contentsquare shall cooperate with Customer and, upon reasonable prior notice to Contentsquare (no less than thirty (30) days), provided that Customer agrees to our Penetration Testing Protocol, Customer may conduct periodic technical security tests (manual penetration tests) and audits of Contentsquare’s systems holding or containing any Customer Personal Data, using a third party provider (under confidentiality obligations no less strict than the obligations of Customer under this Agreement), to verify that all necessary security measures have been implemented and are functioning properly, and in any event no more than once per each calendar year (a “Technology Security Audit”). Arising deficiencies and their associated criticality should be reviewed and mutually agreed on by both Parties. Contentsquare shall promptly address all critical deficiencies, concerns or recommendations arising out of any Security Questionnaire, Data Protection Controls Audit, or Technology Security Audit (each a “Security Audit”). If, as a result of any Security Audit, Customer reasonably deem Contentsquare’s security measures insufficient, then promptly following Customer’s written request, a senior Contentsquare executive shall meet with a representative of Customer to discuss the matter in good faith until its conclusion. 
Notwithstanding the foregoing, all assessments and audits conducted under this Section 6.2 shall conform to the following requirements: (i) 30 days prior written notice; (ii) limited to once every twelve months; (iii) at the sole cost of the Customer; (iv) scope of assessments and audits shall be limited to matters not covered by the SOC 2, ISO 27701 or ISO 27001 certifications in effect; and (v) any internal expenses incurred by Contentsquare as part of assessments and audits requested by the Customer with a scope already covered by the SOC 2, ISO27701 or ISO 27001 certifications in effect, shall be reimbursed by the Customer. In addition, except in the event of a proven and justified breach, Contentsquare may provide the Customer with the result of a previous audit carried out by a third party on the same scope (SOC 2, ISO 27001 or ISO 27701) and less than 12 months instead of the audit requested by the Customer. In this event, Contentsquare will be deemed to have satisfied Customer's right to audit.

Appears in 1 contract

Samples: Data Processing Agreement
