Common use of General documentation to the Controller Clause in Contracts

General documentation to the Controller. 1.1 Upon written request, the Processor is obliged to submit the following general documentation to the Controller: a) A declaration from the Processor's management specifying that, during the processing of personal data on behalf of the Controller, the Processor continuously ensures compliance with its obligations under this Processor Agreement. b) A description of the practical measures, both technical and organisational, implemented by the Processor to ensure compliance with its obligations under the Processor Agreement. The description may include a presentation of established and implemented management systems for information security and for processing of personal data as well as a description of other initiatives taken. As part thereof, the Processor is also obliged to participate in follow-up meetings with the Controller. A description of the control measures taken and implemented by the Processor for measurement and control of the effect of the established management system for information security and processing of personal data and performance measurements thereof. 1.2 Upon written request, the Processor will further assist with non-general documentation, documenting any other measures and controls as the Controller may request. 1.3 The general documentation must be provided no later than 14 working days after the Controller has made its written request to the Processor, or such shorter notice as required by government. The Processor shall prepare general documentation for its own account; preparation of non-general documentation and participation in meetings may be subjected to a separate payment of a fee to the Processor, as agreed on a request by request basis and negotiated between the Parties.

General documentation to the Controller. 1.1 Upon written request, the Processor is obliged to submit the following general documentation to the Controller: a) A declaration from the Processor's management specifying that, during the processing of personal data on behalf of the Controller, the Processor continuously ensures compliance with its obligations under this Processor Processing Agreement. b) A description of the practical measures, both technical and organisational, implemented by the Processor to ensure compliance with its obligations under the Processor Processing Agreement. The description may include a presentation of established and implemented management systems for information security and for processing of personal data as well as a description of other initiatives taken. As part thereof, the Processor is also obliged to participate in follow-up meetings with the Controller. A description of the control measures taken and implemented by the Processor for measurement and control of the effect of the established management system for information security and processing of personal data and performance measurements thereof. 1.2 Upon written request, the Processor will further assist with non-general documentation, documenting any other measures and controls as the Controller may request. 1.3 The general documentation must be provided no later than 14 working days after the Controller has made its written request to the Processor, or such shorter notice as required by the government. The Processor shall prepare general documentation for its own account; preparation of non-general documentation and participation in meetings may be subjected to a separate payment of a fee to the Processor, as agreed on a request by request basis and negotiated between the Parties.