Documentation and Audits Clause Samples

Documentation and Audits. 5.1 We shall document Our compliance with the obligations agreed in this DPA. 5.2 Upon Your request, and subject to the confidentiality obligations set forth in the Agreement, We shall make available to You or Your independent third-party auditor information regarding Our compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits. 5.3 If and only to the extent that the information made available to You as per Section 5.2 above cannot reasonably demonstrate Our compliance with the provisions of this DPA, You may request an on- site audit of the procedures relevant to the Processing activities, by contacting ▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇. Such audit will be conducted upon 30 days’ prior written notice, at most once per calendar year, during regular business hours, without interfering with Our operations, and subject to the execution of a confidentiality agreement. You may request more frequent audits only in the event We notify You of a Personal Data Breach that concerns your Personal Data or when a supervisory authority requires such an audit. Such an audit will be conducted by an independent third-party auditor reasonably acceptable to Us. Each party shall bear its own costs related to any audit. Before the commencement of an on-site audit, the parties shall mutually agree upon the scope, timing, and duration of the audit. You shall promptly provide Us with information regarding any noncompliance discovered during the course of an audit.

Documentation and Audits. 4.1 The Service Provider shall upon request provide the Customer with sufficient information to enable the Customer to demonstrate that the appropriate security measures have been implemented. 4.2 The Customer is entitled to and subject to the provisions concerning audits in the Service Agreements, at its own cost to appoint an independent expert who shall have access to the Service Provider's data processing facilities and receive the necessary information in order to be able to audit whether the Service Provider has implemented and maintained the technical and organizational security measures

Documentation and Audits. The following provisions of 1 through 8 are applicable regarding the administration of resources provided by the Department to the Recipient of Federal Funds. Those provisions are applicable if the Recipient is a state or local government or a nonprofit organization as defined in OMB Circular A-133, as revised. 1) In the event that the Recipient expends $500,000 or more in Federal awards in its fiscal year, the Recipient must have a single or program-specific audit conducted in accordance with the provisions of OMB Circular A-133, as revised. Exhibit 1 to this agreement indicates Federal resources awarded through this Department by this agreement. In determining the Federal awards expended in its fiscal year, the Recipient shall consider all sources of Federal awards, including Federal resources received from this Department. The determination of amounts of federal awards expended should be in accordance with the guidelines established by OMB Circular A-133, as revised. An audit of the Recipient conducted by the Auditor General in accordance with provisions of OMB Circular A-133, as revised, will meet these requirements. 2) In connection with these audit requirements, the Recipient shall fulfill the requirements relative to auditee responsibilities as provided in Subpart C of OMB Circular A-133, as revised. 3) If the Recipient expends less than $500,000 in Federal awards in its fiscal year, an audit conducted in accordance with the provisions of OMB Circular A-133, as revised, is not required. In the event that the Recipient expends less than $500,000 in federal awards in its fiscal year and elects to have an audit conducted in accordance with provisions of OMB Circular A-133, as revised, the cost of the audit must be paid from non-federal resources (i.e., the cost of such an audit must be paid from Recipient resources obtained from other than Federal entities). 4) Copies of reporting packages for audits conducted in accordance with OMB Circular A-133, as revised, and required by this agreement shall be submitted when required by Section .320(d), OMB Circular A-133, as revised, by or on behalf of the Recipient directly to each of the following: a. The Department of Agriculture and Consumer Services Division of ▇▇▇▇▇▇▇▇▇▇▇▇▇▇ ▇▇▇ ▇▇▇▇ ▇▇▇▇▇▇▇▇ ▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ Tallahassee, Florida 32399-0800 b. The Federal Audit Clearinghouse designated in OMB Circular A-133, as revised (the number of copies required by Sections .320(d)(1) and (2), OMB Circular A-13...

Documentation and Audits. 5.1 We shall document Our compliance with the obligations agreed in this DPA. 5.2 Upon Your request, and subject to the confidentiality obligations set forth in the Agreement, We shall make available to You or Your independent third-party auditor information regarding Our compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits. 5.3 If and only to the extent that the information made available to You as per Section 5.2 above cannot reasonably demonstrate Our compliance with the provisions of this DPA, You may request an on- site audit of the procedures relevant to the Processing activities, by contacting ▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇. Such audit will be conducted upon 30 days’ prior written notice, at most once per calendar year, during regular business hours, without interfering with Our operations, and subject to the execution of a confidentiality agreement. You may request more frequent audits only in the event We notify You of a

Documentation and Audits a) Provider shall (i) monitor, by appropriate means, its own compliance with its data protection obligations under this DPA and Applicable Data Protection Law, (ii) create related periodic (at least annual) and occasion-based reports (each a “Report”) and (iii) make the Reports available to Innomotics and Authorized Entities upon request. Where a control standard and frame- work implemented by Provider provides for controls, such controls will be performed according to the standards and rules of the regulatory or accreditation body for each applicable control standard or framework. b) If required to adequately address its audit rights and obligations under Applicable Data Protection Law, the applicable Transfer Safeguards or if requested by a competent data protection authority or other competent government authority or agency, Provider shall make available to Innomotics and Authorized Entities - in addition to the Reports - all further information reasonably requested and allow for and contribute to audits, including inspections, conducted by Innomotics or Authorized Entities or another auditor mandated by Innomotics or Authorized Entities. For such purpose, Innomotics, Authorized Entities or another auditor mandated by Innomotics or Authorized Entities shall also have the right to carry out on-site inspections during regular business hours, without disrupting the Provider’s business operations, and if necessary, after a reasonable prior notice.

Documentation and Audits. 8.1 HRForecast shall document appropriately its compliance with the obligations agreed upon in this DPA. At Customer’s request, HRForecast will provide Customer with the information required and available to HRForecast to prove such compliance. 8.2 The Parties agree that the favorable way to prove such compliance is provision of suitable third-party certification, e.g. ISO27001. 8.3 Where on-site audits and inspections by Customer or a suitably qualified and reasonably independent auditor appointed by Customer are necessary, such audits and inspections will be limited to HRForecast’s own premises and conducted during regular business hours, and without interfering with HRForecast’s operations, upon prior notice, and observing an appropriate notice period. HRForecast is entitled to a remuneration for such audit unless the audit reveals material breach of this DPA by HRForecast. Customer will provide the audit results to HRForecast.‌ HRForecast is entitled, at his own discretion and taking into account the legal obligations of Customer, not to disclose information which is sensitive with regard to HRForecast’s business or if HRForecast would be in breach of statutory or other contractual provisions as a result of its disclosure. Customer is not entitled to get access to data or information about HRForecast’s other customers, cost information, quality control and contract management reports, or any other confidential data of HRForecast that is not directly relevant for the agreed audit purposes. Customer will treat all information found in the audit as Confidential Information. HRForecast is entitled to reject auditors which are competitors to HRForecast. 8.4 Where a data protection supervisory authority or another supervisory authority with statutory competence for Controller conducts an inspection, sec. 8.3 above shall apply mutatis mutandis. The execution of a confidentiality undertaking shall not be required if such supervisory authority is subject to professional or statutory confidentiality obligations whose breach is sanctionable under the applicable criminal code. Appendix 1 Scope of processing, categories of subjects and data‌ Data will be processed in accordance with the MSA and may be subject to the storage and other Processing necessary to provide, maintain and improve the Services provided to you, as stipulated in the MSA. The Services target improved HR management, for example, in the fields of workforce planning, people analytics, skill managemen...

Documentation and Audits. Sangamo shall keep full, true and accurate books of account containing all particulars that may be necessary for the purpose of tracking the actual number of FTEs that performed activities funded by Genentech under this Agreement (including, without limitation, the employee names and number of hours worked and which Designated Gene is the subject of particular activities), and such books of account shall be made available to Genentech, upon request.

Documentation and Audits. 7.1 Copies of external security certifications and audit report summaries. Sigstr shall, upon Customer’s written request, provide copies of external security certifications, audit report summaries and/or other documentation reasonably required by Customer to verify Supplier's compliance with this DPA Addendum.

Documentation and Audits. 5.5.1 Upon request by a DC, the DP shall make available to the DC all relevant information necessary to demonstrate compliance with this DPA, and shall allow for and reasonably cooperate with audits, including inspections by the DC or an auditor mandated by the DC. The DC shall give notice of any audit or document inspection to be conducted and shall make reasonable endeavours to avoid causing damage or disruption to the DP’s premises, equipment and business in the course of such an audit or inspection. Any audit or document inspection shall be carried out with reasonable prior written notice of no less than 30 days, and shall not be conducted more than once a year. 5.5.2 The DC may be requested to sign a non-disclosure agreement reasonably acceptable to the DP before being furnished with the above.