Common use of Customer Audits Clause in Contracts

Customer Audits. Customer (or its third-party regulator) or a mutually agreeable third party auditor, may audit ▇▇▇▇▇▇’▇ control environment and security practices relevant to Personal Data processed only if: (a) ▇▇▇▇▇▇ has not provided reasonably sufficient evidence of its compliance with the Technical and Organizational Measures in Appendix 2; (b) A Security Breach has occurred; (c) Customer or another Data Controller has reasonable grounds to suspect that ▇▇▇▇▇▇ is not in compliance with its obligations under this DPA; or (d) An audit is formally requested by Customer’s or another Data Controller’s data protection authority. Where Customer audits ▇▇▇▇▇▇’▇ environment, ▇▇▇▇▇▇ will reasonably support Customer in its audit processes subject to the restrictions set forth in Section 5.2. Upon Customer’s request, security documentation of ▇▇▇▇▇▇ or its applicable Subprocessor(s) can be provided to Customer.