Common use of Audit Scope Clause in Contracts

Audit Scope. Solely with respect to SunTrust Proprietary Information, to assess the effective protection of such information, SunTrust will have the right to request or conduct remote or on-site audits of FMC, at SunTrust’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) at any time during FMC’s regular business hours, upon no less than ten (10) Business Days prior written notice to FMC. The Parties shall mutually agree on the scope, scale and type of testing. The audits may be performed by an independent third party identified and contracted by FMC and subject to reasonable approval of SunTrust bound by non-disclosure provisions similar to those in this Agreement, and shall include reasonable testing of the Security Systems, including periodic vulnerability scans. The Parties will schedule the testing at a mutually agreeable time and will cooperate in structuring the tests so as to use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC or any third parties. FMC agrees to promptly grant reasonable access to logs, policies, records, other materials, and FMC Personnel reasonably required for SunTrust to perform the audit. SunTrust will reasonably determine the extent and methodology of the testing subject to the approval of FMC, such approval not to be unreasonably withheld. Further, FMC agrees to make available to SunTrust the results of any third party’s or its own testing, monitoring and auditing of such Security Systems; provided, however, that FMC will not be required to make available any such results which would breach confidentiality obligations between FMC and any third party and may instead provide a summary of results describing any identified vulnerability or risk and proposing remedial action. To the extent that any system data or information is obtained by SunTrust in the course of an assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust shall treat it in accordance with Article 14. In no event shall SunTrust retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etc.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.

Audit Scope. Solely with respect to SunTrust Proprietary Information, to assess the effective protection of such informationLender Proprietary Information, SunTrust will have the right to request or Lender may conduct annual remote or on-site audits of FMCServicer, at SunTrustLender’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) Systems at any time during FMCServicer’s regular business hourshours upon at least three (3) Business Days’ prior notice to Servicer; however, upon no less than ten Servicer may request up to an additional seven (107) Business Days prior written notice to FMCcomply. The Parties shall mutually agree on However, if there is an actual breach of the scopeSecurity Systems, scale and type of testingLender may conduct additional audits. The audits may be performed by Lender, its agent, or an independent third party identified and contracted by FMC and subject to reasonable approval of SunTrust bound by non-disclosure nondisclosure provisions substantially similar to those in this Origination Agreement, and shall may include reasonable testing of the Security Systems, including without limitation, periodic vulnerability scans. The Parties will schedule the testing at a mutually agreeable time and will cooperate in structuring the tests so as to use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s the Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC Servicer or any third parties. FMC agrees to promptly grant Servicer will provide Lender with reasonable assistance and information necessary for the performance of the testing, including reasonable access to its logs, policies, records, and other materialsmaterials (solely as related to Lender Proprietary Information), and FMC Personnel to Servicer personnel reasonably required for SunTrust Lender to perform the audit. SunTrust Lender will reasonably determine the extent and methodology of the testing subject to the approval of FMCServicer, such the approval not to be unreasonably withheld, conditioned or delayed. Further, FMC Servicer agrees to make available to SunTrust Lender the results of any third party’s or its own testing, monitoring and auditing of such the Security Systems; Systems solely as relates to Lender Proprietary Information, provided, however, that FMC Servicer will not be required to make available any such results which would breach its confidentiality obligations between FMC and to any third party and may instead provide a summary of results describing any identified vulnerability or risk and proposing remedial action. To the extent that any system data or information is obtained by SunTrust in the course of an assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust shall treat it in accordance with Article 14. In no event shall SunTrust retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etcparty.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.

Audit Scope. Solely with respect to SunTrust Proprietary Information, to assess the effective protection of such informationLender Proprietary Information, SunTrust will have the right to request or Lender may conduct annual remote or on-site audits of FMCServicer, at SunTrustLender’s discretion and expense (except as set forth below), to review the information and data security systems and procedures and processes of FMC (collectively, the “Security Systems”) Systems at any time during FMCServicer’s regular business hourshours upon at least three (3) CERTAIN CONFIDENTIAL MATERIAL APPEARING IN THIS DOCUMENT, upon no less than ten MARKED BY [*****] HAS BEEN OMITTED AND FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION PURSUANT TO RULE 406 PROMULGATED UNDER THE SECURITIES ACT OF 1933, AS AMENDED Business Days’ prior notice to Servicer; however, Servicer may request up to an additional seven (107) Business Days prior written notice to FMCcomply. The Parties shall mutually agree on However, if there is an actual breach of the scopeSecurity Systems, scale and type of testingLender may conduct additional audits. The audits may be performed by Lender, its agent, or an independent third party identified and contracted by FMC and subject to reasonable approval of SunTrust bound by non-disclosure nondisclosure provisions substantially similar to those in this Origination Agreement, and shall may include reasonable testing of the Security Systems, including without limitation, periodic vulnerability scans. The Parties will schedule the testing at a mutually agreeable time and will cooperate in structuring the tests so as to use reasonable, industry-standard precautions to prevent or minimize any risks to FMC’s the Security Systems that may be associated with such testing, and the Parties will cooperate in structuring the testing so as to avoid harming the rights and interests of FMC Servicer or any third parties. FMC agrees to promptly grant Servicer will provide Lender with reasonable assistance and information necessary for the performance of the testing, including reasonable access to its logs, policies, records, and other materialsmaterials (solely as related to Lender Proprietary Information), and FMC Personnel to Servicer personnel reasonably required for SunTrust Lender to perform the audit. SunTrust Lender will reasonably determine the extent and methodology of the testing subject to the approval of FMCServicer, such the approval not to be unreasonably withheld, conditioned or delayed. Further, FMC Servicer agrees to make available to SunTrust Lender the results of any third party’s or its own testing, monitoring and auditing of such the Security Systems; Systems solely as relates to Lender Proprietary Information, provided, however, that FMC Servicer will not be required to make available any such results which would breach its confidentiality obligations between FMC and to any third party and may instead provide a summary of results describing any identified vulnerability or risk and proposing remedial action. To the extent that any system data or information is obtained by SunTrust in the course of an assessment, such data or information shall be Confidential Business Information of FMC and FMER, and SunTrust shall treat it in accordance with Article 14. In no event shall SunTrust retain any code from FMC’s or FMER’s systems or decompile, disassemble, or reverse engineer any such code, in whole or in part. Neither SunTrust nor its representatives shall introduce any malicious or unauthorized code (virus, Trojans, worms, trap door, etcparty.) or undisclosed features into FMC’s or FMER’s systems intending to disable, deactivate, interfere with or otherwise harm such systems or data or provide access not authorized by FMC or FMER.