Common use of Audits and Certifications Clause in Contracts

Audits and Certifications. The parties agree that the audits described in Clause 5(f), Clause 11 and Clause 12(2) of the Standard Contractual Clauses and otherwise required by Applicable Data Protection Laws and Regulations shall be carried out in accordance with the following specifications: Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, Conga shall make available to Customer (or Customer’s independent, third-party auditor that is not a competitor of Conga) information demonstrating Conga’s compliance with the obligations set forth in this DPA in the form of the certifications and audit reports for the Services. Examples of potentially relevant certifications and audit reports include: SOC 2, SOC 3; ISO 27001:2013; ISO 27018:2014, Binding Corporate Rules; APEC Cross Border Privacy Rules System; EU-U.S. and Swiss-U.S. Privacy Xxxxxxx; industry codes of conduct or their successor frameworks. In the event Customer does not find the certifications and audit reports suitable, Conga will make its applicable premises and personnel available to Customer for audit upon request and at Customer’s cost. Before the commencement of any such audit, Customer and Conga shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Conga. Customer shall promptly notify Conga with information regarding any non-compliance discovered during the course of an audit and all findings during the audit shall be considered confidential information between Customer and Conga except as expressly required otherwise by Data Protection Laws and Regulations. If material non-compliance is discovered during Customer’s audit, Conga shall bear the costs.

Audits and Certifications. The parties agree that the audits described in Clause 5(f), Clause 11 and Clause 12(2) of the Standard Contractual Clauses and otherwise required by Applicable Data Protection Laws and Regulations shall be carried out in accordance with the following specifications: Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, Conga shall make available to Customer (or Customer’s independent, third-party auditor that is not a competitor of Conga) information demonstrating Conga’s compliance with the obligations set forth in this DPA in the form of the certifications and audit reports for the Services. Examples of potentially relevant certifications and audit reports include: SOC 2, SOC 3; ISO 27001:201327001; ISO 27018:201427701, Binding Corporate Rules; APEC Cross Border Privacy Rules System; EU-U.S. and Swiss-U.S. Privacy Xxxxxxx; industry codes of conduct or their successor frameworks. In the event Customer does not find the certifications and audit reports suitable, Conga will make its applicable premises and personnel available to Customer for audit upon request and at Customer’s cost. Before the commencement of any such audit, Customer and Conga shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Conga. Customer shall promptly notify Conga with information regarding any non-compliance discovered during the course of an audit and all findings during the audit shall be considered confidential information between Customer and Conga except as expressly required otherwise by Data Protection Laws and Regulations. If material non-compliance is discovered during Customer’s audit, Conga shall bear the costs.

Audits and Certifications. The parties agree that the audits described in Clause 5(f), Clause 11 ) and Clause 12(2) of the Standard Contractual Clauses and otherwise required by Applicable Data Protection Laws and Regulations shall be carried out in accordance with the following specifications: Upon Customer’s request, and subject to the confidentiality obligations set forth in the AgreementXxxxxxxxx, Conga Xxxx 0 Security shall make available to Customer that is not a competitor of Area 1 Security (or Customer’s independent, third-party auditor that is not a competitor of CongaArea 1 Security) information demonstrating Congaregarding the Area 1 Security Group’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security, Privacy and Architecture Documentation to the extent Area 1 Security makes them generally available to its customers. Customer may contact Area 1 Security in accordance with the “Notices” Section of the Agreement to request an on-site audit reports of the procedures relevant to the protection of Personal Data. Customer shall xxxxxxxxx Xxxx 0 Security for any time expended for any such on-site audit at the Services. Examples of potentially relevant certifications and audit reports include: SOC 2Area 1 Security Group’s then-current professional services rates, SOC 3; ISO 27001:2013; ISO 27018:2014, Binding Corporate Rules; APEC Cross Border Privacy Rules System; EU-U.S. and Swiss-U.S. Privacy Xxxxxxx; industry codes of conduct or their successor frameworks. In the event Customer does not find the certifications and audit reports suitable, Conga will make its applicable premises and personnel which shall be made available to Customer for audit upon request and at Customer’s costrequest. Before the commencement of any such on-site audit, Customer and Conga Area 1 Security shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by CongaArea 1 Security. Customer shall promptly notify Conga Area 1 Security with information regarding any non-non- compliance discovered during the course of an audit and all findings during the audit shall be considered confidential information between Customer and Conga except as expressly required otherwise by Data Protection Laws and Regulations. If material non-compliance is discovered during Customer’s audit, Conga shall bear the costs.

Audits and Certifications. The parties agree that the audits described in Clause 5(f), Clause 11 and Clause 12(2) of the Standard Contractual Clauses and otherwise required by Applicable Data Protection Laws and Regulations shall be carried out in accordance with the following specifications: Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, Conga shall make available to Customer (or Customer’s independent, third-party auditor that is not a competitor of Conga) information demonstrating Conga’s compliance with the obligations set forth in this DPA in the form of the certifications and audit reports for the Services. Examples of potentially relevant certifications and audit reports include: SOC 2, SOC 3; ISO 27001:201327001; ISO 27018:201427701, Binding Corporate Rules; APEC Cross Border Privacy Rules System; EU-U.S. and Swiss-U.S. Privacy Xxxxxxx; industry codes of conduct or their successor frameworks. In the event Customer does not find the certifications and audit reports suitable, Conga will make its applicable premises and personnel available to Customer for audit upon request and at Customer’s cost. Before the commencement of any such audit, Customer and Conga shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Conga. Customer shall promptly notify Conga with information regarding any non-compliance discovered during the course of an audit and all findings during the audit shall be considered confidential information between Customer and Conga except as expressly required otherwise by Data Protection Laws and Regulations. If material non-non- compliance is discovered during Customer’s audit, Conga shall bear the costs.