Common use of Operational Audits Clause in Contracts

Operational Audits. Provider shall provide to Customer and to internal and external auditors, inspectors, regulators and other representatives that Customer may designate from time to time (“Customer Auditors”) access in accordance with Section 14.2(b) below to perform operational audits and inspections of Provider, Provider Agents and their respective facilities (“Operational Audits”), to: (i) verify the integrity of the Customer Data; (ii) examine the systems that access, process, store, support and transmit that data and examine the results of external Third Party data processing audits or reviews relating to Provider’s operations relevant to the Services; (iii) verify whether the Services comply with Customer Compliance Requirements and the requirements of the “Privacy Requirements” Exhibit; (iv) evaluate Provider’s compliance with the requirements of the “Information Security Requirements” Exhibit (i.e., Provider’s physical and logical security and Disaster Recovery Services), including examination of all self-conducted and Third Party intrusion vulnerability and CONFIDENTIAL TREATMENT HAS BEEN REQUESTED FOR PORTIONS OF THIS EXHIBIT. THE COPY FILED HEREWITH OMITS THE INFORMATION SUBJECT TO A CONFIDENTIALITY REQUEST. OMISSIONS ARE DESIGNATED [ * * * ]. A COMPLETE VERSION OF THIS EXHIBIT HAS BEEN FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION. penetration assessments and reports; (v) confirm that the Services are being provided in accordance with the Agreement, including the Service Levels; (vi) verify the integrity of Provider’s Performance Reports (including raw data from which such Performance Reports are compiled); (vii) facilitate Customer Group’s compliance with Customer Compliance Requirements; and (viii) examine, test and assess Provider’s systems, policies and procedures relating to intrusion detection and interception with respect to the Provider systems used to provide the Services, provided that any penetration testing on Shared Systems or any other system which would reasonably impact a Provider customer shall be subject to Provider’s security policies and the prior written consent of the Third Party with whom such system is shared, which Provider shall use commercially reasonable efforts to obtain.

Operational Audits. Provider Supplier shall provide the auditors designated by Advanta in writing, including Governmental Authorities, third-party auditors and Advanta’s internal audit staff, with access at all times to Customer any facility at which the Services are being performed, to Supplier and Supplier Agent personnel, and to internal the data and external auditors, inspectors, regulators and other representatives that Customer may designate from time records maintained by Supplier with respect to time the Services: (“Customer Auditors”a) access in accordance with Section 14.2(b) below to perform operational for the purpose of performing audits and inspections of ProviderSupplier, Provider Agents the Supplier Agents, and their respective facilities businesses as they relate to the Services (“Operational Audits”including any audits necessary to enable verification of compliance with Regulatory Requirements), to: ; (ib) verify for the ****** — Denotes material that has been omitted and filed separately with the Commission. purpose of verifying the integrity of the Customer Data; (ii) examine personal information, examining the systems that access, process, store, support support, and transmit that data such data, confirming the security of such personal information, and examine the results of external Third Party data processing audits or reviews relating to Provider’s operations relevant to the Services; (iii) verify whether the Services comply with Customer Compliance Requirements and the requirements of the “Privacy Requirements” Exhibit; (iv) evaluate Providerverifying Supplier’s compliance with the data protection requirements of the “Information Security Requirements” Exhibit (i.e., Provider’s physical and logical other data security and Disaster Recovery Services), including examination of all self-conducted and Third Party intrusion vulnerability and CONFIDENTIAL TREATMENT HAS BEEN REQUESTED FOR PORTIONS OF THIS EXHIBIT. THE COPY FILED HEREWITH OMITS THE INFORMATION SUBJECT TO A CONFIDENTIALITY REQUEST. OMISSIONS ARE DESIGNATED [ * * * ]. A COMPLETE VERSION OF THIS EXHIBIT HAS BEEN FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION. penetration assessments and reportsrequirements; (vc) confirm for the purpose of examining data and records pertaining to Advanta’s or any other Service Recipient’s compliance with the Xxxxxxxx-Xxxxx Requirements; (d) for the purpose of confirming that the Services are being provided efficiently and in accordance with the this Agreement, including the Service Levels; and (vie) verify for any other reasonable business purpose. To the integrity extent applicable to the Services, the scope of Providersuch audits and inspections may include: (i) Supplier’s Performance Reports (including raw data from which such Performance Reports are compiled)practices and procedures; (viiii) facilitate Customer Group’s compliance with Customer Compliance Requirementsthe adequacy of general controls (e.g., organizational controls, input/output controls, system modification controls, processing controls, system design controls, and access controls) and security practices and procedures; (iii) the adequacy of disaster recovery and back-up procedures; and (viiiiv) examineany analyses necessary to enable compliance with applicable Regulatory Requirements. If any audit by an auditor designated by Advanta, test any other Service Recipient or a regulatory authority results in Supplier being notified that Supplier or Supplier Agents are not in compliance with any Regulatory Requirement or audit requirement (e.g., Sarbanes Oxley Requirements), Supplier shall, and assess Provider’s systemsshall cause Supplier Agents to, policies and procedures promptly take actions to comply with such Regulatory Requirement or audit requirement. Supplier shall bear the expense of any such response that is required by a Supplier Regulatory Requirement or audit requirement relating to intrusion detection and interception Supplier’s business or necessary due to Supplier’s noncompliance with respect any Supplier Regulatory Requirement or audit requirement imposed on Supplier. To the extent the expense is not payable by Supplier pursuant to the Provider systems used preceding sentence, Advanta shall bear the expense of any such compliance that is required by any Advanta Regulatory Requirement or audit requirement relating to provide the Services, provided that Advanta’s business or necessary due to Advanta’s noncompliance with any penetration testing Advanta Regulatory Requirement or audit requirement imposed on Shared Systems or any other system which would reasonably impact a Provider customer shall be subject to Provider’s security policies and the prior written consent of the Third Party with whom such system is shared, which Provider shall use commercially reasonable efforts to obtainAdvanta.

Operational Audits. Provider During the Audit Period Supplier shall, and, if and to the extent (i) appropriate in Kraft’s reasonable judgment given the nature of the services or products being provided by them and (ii) the purpose for the audit of any Subcontractor or supplier cannot be reasonably satisfied, in the reasonable judgment of Kraft’s auditors, through an audit of Supplier, shall cause its Subcontractors and suppliers (other than Commodity Equipment and Transport Providers, product vendor specialists who Supplier engages on a temporary basis to address urgent problems, Third Party Contractors under Kraft assigned contracts to the extent such contracts do not comply with this requirement as of the Effective Date, and vendors of Supplier Overhead Materials) to provide to Customer Kraft (and to internal and external auditors, inspectors, regulators and other representatives that Customer Kraft may designate from time to time (“Customer Auditors”time, including customers, vendors, licensees and other third parties to the extent Kraft or the Eligible Recipients are legally or contractually obligated to submit to audits by such entities) access in accordance with Section 14.2(b) below at reasonable hours, and following reasonable notice to perform operational the extent such notice is available to Kraft, to Supplier Personnel, to the facilities at or from which Services are then being provided and to Supplier records and other pertinent information, all to the extent relevant to the Services and Supplier’s obligations under this Agreement. Such access shall be provided for the purpose of performing audits and inspections of Providerinspections, Provider Agents and their respective facilities (“Operational Audits”), to: to (i) verify the integrity of the Customer Kraft Data; (ii) examine the systems that access, process, store, support and transmit that data and data; (iii) examine the results internal controls (e.g., information technology controls, organizational controls, input/output controls, system modification controls, processing controls, system design controls, and access controls) and the security, disaster recovery and back-up practices and procedures; (iv) examine Supplier’s performance of external Third Party data processing audits or reviews relating to Provider’s operations relevant to the Services; (iiiv) verify whether Supplier’s reported performance against the Services comply with Customer Compliance Requirements and the requirements of the “Privacy Requirements” Exhibit; (iv) evaluate Provider’s compliance with the requirements of the “Information Security Requirements” Exhibit (i.e., Provider’s physical and logical security and Disaster Recovery Services), including examination of all self-conducted and Third Party intrusion vulnerability and CONFIDENTIAL TREATMENT HAS BEEN REQUESTED FOR PORTIONS OF THIS EXHIBIT. THE COPY FILED HEREWITH OMITS THE INFORMATION SUBJECT TO A CONFIDENTIALITY REQUEST. OMISSIONS ARE DESIGNATED [ * * * ]. A COMPLETE VERSION OF THIS EXHIBIT HAS BEEN FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION. penetration assessments and reports; (v) confirm that the Services are being provided in accordance with the Agreement, including the applicable Service Levels; (vi) verify the integrity of Providerexamine Supplier’s Performance Reports (including raw data from which such Performance Reports are compiled)measurement, monitoring and management tools; and (vii) facilitate Customer Group’s compliance enable Kraft and the Eligible Recipients to meet applicable legal, regulatory and contractual requirements (including those associated with Customer Compliance Requirementsthe Xxxxxxxx-Xxxxx Act of 2002 and the implementing regulations promulgated by the United States Securities and Exchange Commission and Public Company Accounting Oversight Board), in each case (i) through (vii) to the extent applicable to the Services. Supplier shall (i) provide any assistance reasonably requested by Kraft or its designee in conducting any such audit, including installing and operating audit software; (ii) make requested personnel, records and information available to Kraft or its designee; and (viiiiii) examinein all cases, test provide such assistance, personnel, records and assess Provider’s systems, policies and procedures relating information in an expeditious manner to intrusion detection and interception with respect facilitate the timely completion of such audit. If an audit reveals a breach of this Agreement by Supplier that is material relative to the Provider systems used to provide the Services, provided that any penetration testing on Shared Systems or any other system which would reasonably impact a Provider customer shall be subject to Provider’s security policies and the prior written consent scope of the Third Party with whom audit, Supplier shall promptly reimburse Kraft for the actual cost of such system is sharedaudit and any damages, which Provider shall use commercially reasonable efforts to obtainfees, fines, or penalties assessed against or incurred by Kraft as a result thereof.

Operational Audits. Provider PeopleSupport shall, and shall cause its subcontractors to, provide to Customer Client (and to internal and external auditors, inspectors, regulators and other representatives that Customer Client may designate from time to time other than an entity that derives *** or more of its non-audit and non-consulting revenue from contact center businesses (“Customer AuditorsPeople Support Competitor”)) access in accordance with Section 14.2(b) below at reasonable hours to perform operational PEOPLESUPPORT, INC. CONFIDENTIAL 6 ***CONFIDENTIAL MATERIAL REDACTED AND SEPARATELY FILED WITH THE COMMISSION. PeopleSupport personnel, to the facilities at or from which Services are then being provided and to Client records and other pertinent information, all to the extent relevant to the Services and this Agreement. Such access shall be provided for the sole purpose of performing audits and inspections of Providerinspections, Provider Agents and their respective facilities (“Operational Audits”), to: to (i) verify the integrity of the Customer Data; Client data, (ii) examine the systems that access, process, store, support and transmit that data data, (iii) examine applicable controls and the security, disaster recovery and back-up practices and procedures; (iv) examine the results PeopleSupport’s performance of external Third Party data processing audits or reviews relating to Provider’s operations relevant to the Services; (iiiv) verify whether PeopleSupport’s reported performance against the Services comply with Customer Compliance Requirements and the requirements of the “Privacy Requirements” Exhibit; (iv) evaluate Provider’s compliance with the requirements of the “Information Security Requirements” Exhibit (i.e., Provider’s physical and logical security and Disaster Recovery Services), including examination of all self-conducted and Third Party intrusion vulnerability and CONFIDENTIAL TREATMENT HAS BEEN REQUESTED FOR PORTIONS OF THIS EXHIBIT. THE COPY FILED HEREWITH OMITS THE INFORMATION SUBJECT TO A CONFIDENTIALITY REQUEST. OMISSIONS ARE DESIGNATED [ * * * ]. A COMPLETE VERSION OF THIS EXHIBIT HAS BEEN FILED SEPARATELY WITH THE SECURITIES AND EXCHANGE COMMISSION. penetration assessments and reports; (v) confirm that the Services are being provided in accordance with the Agreement, including the Service Levelsapplicable service levels; (vi) verify the integrity of Providerexamine PeopleSupport’s Performance Reports (including raw data from which such Performance Reports are compiled)measurement, monitoring and management tools; and (vii) facilitate Customer Group’s compliance with Customer Compliance Requirements; enable Client to meet applicable legal, regulatory and contractual requirements. PeopleSupport shall provide any assistance reasonably requested by Client or its designee (viiiother than a PeopleSupport Competitor) examinein conducting any such audit, test including installing and assess Provider’s systems, policies and procedures relating to intrusion detection and interception with respect to the Provider systems used to provide the Servicesoperating audit software, provided that such audit shall not unreasonably interfere with the operation of PeopleSupport’s business. If an audit reveals a material breach of this Agreement by PeopleSupport, PeopleSupport shall promptly reimburse Client for the actual cost of any penetration testing on Shared Systems damages, fees, fines, or penalties assessed against or incurred by Client as a result thereof. If a Client designee receiving Services under this Agreement owns a PeopleSupport Competitor, then Client shall require that such designee maintain a strict firewall vis-à-vis such PeopleSupport Competitor and prohibit disclosure of any other system which would reasonably impact a Provider customer shall be subject PeopleSupport information to Provider’s security policies and the prior written consent of the Third Party with whom such system is shared, which Provider shall use commercially reasonable efforts to obtainPeopleSupport Competitor.