MONITORING/AUDITS.

7.1 Supplier agrees to allow Buyer and its representatives to, and shall secure Buyer and its representatives’ rights to, monitor, log, and analyze access by Supplier and each of its subcontractors within Buyer Systems as a condition of allowing such access.

7.2 Upon Buyer’s written request, and no less than annually, Supplier must permit Buyer or its representative to audit any and each of Supplier’s privacy and security controls in relation to any Buyer Data being Processed by Supplier. Supplier shall fully cooperate with such audit by providing access to knowledgeable personnel, physical premises, documentation, infrastructure, and application software relevant to Supplier’s compliance with this Addendum. Supplier shall make available documentation from its subcontractors to support Buyer’s audit upon ▇▇▇▇▇’s request.

7.3 Supplier shall, at its sole cost and expense, maintain sufficient and current external security assessments of controls relevant to the Processing of Buyer Data to demonstrate Supplier’s compliance with this Addendum (“Assessments”) and provide a copy of such Assessments to Buyer upon request. Sufficient Assessments include a SOC-2 Type 2 report, ISO 27001 certification, CSA Security Trust Assurance and Risk (STAR) Level 2 certification, or other external audit or report that may be agreed upon by Buyer. Supplier will notify Buyer immediately if Supplier fails an Assessment.

7.4 Following any audit by Buyer or Buyer’s review of Supplier’s most recent Assessment, Supplier shall, as soon as reasonably practicable and at its sole cost and expense, implement any measures requested in writing by Buyer which are reasonably necessary for Supplier to meet its obligations under this Addendum.
Sources: Master Purchasing Agreement, General Terms and Conditions, Master Purchasing Agreement