Common use of Data Center Audit Clause in Contracts

Data Center Audit. The contractor shall perform an annual independent audit of its data center(s) where Data, State applications, or other State information is maintained. The contractor shall perform this independent audit at its expense and shall, upon completion, provide an unredacted version of the complete audit report to the State. (The contractor may redact its proprietary information from the unredacted version, however.) A Service Organization Control (SOC) 2 audit report or equivalent approved by the Indiana Office of Technology sets the minimum level of a third-party audit. The State may perform an annual audit of contractor’s data center(s) where Data, State applications, or other State information is maintained. The audit may take place onsite or remotely, at the State’s discretion. The State shall provide to contractor thirty (30) days’ advance notice prior to the audit. The contractor will make reasonable efforts to facilitate the audit and will make available to the State members of its staff during the audit. The State may contract with a third party to conduct the audit at its discretion and at the State’s expense. If the contractor maintains Data, State applications, or other State information at multiple data centers, the State may perform an annual audit of each data center. The parties agree that any documents provided to the State under this paragraph shall be deemed a trade secret of contractor and is deemed administrative or technical information that would jeopardize a record keeping or security system, and shall be exempt from disclosure under the Indiana Access to Public Records Act, IC 5-14-3.