Common use of Regular Audits Clause in Contracts

Regular Audits. Supplier shall appoint one of the American Institute of Certified Public Accountants member firms (“AICPA Auditors”) to conduct Type II ISAE 3402/SSAE 16 audit of each of the following Supplier’s operating systems using Supplier control standards located at a Supplier’s Service Management Centers (“SMC”): Mainframe OS 390, Windows NT/2000/2003, Unix HP, Unix IBM AIX, Unix Sun Solaris, Linux, and AS 400 platforms. Each such audit is called a “SSAE Audit”. Supplier’s obligation under the preceding sentences extends to Kraft, only to the extent that Supplier processes Kraft Data on any such operating system. Supplier agrees that, each calendar year during the Term, it will have one of the AICPA Auditors conduct, at Supplier’s expense, at least one SSAE Audit covering each type of operating system from which Kraft Data is processed at each SMC. Supplier shall provide Kraft with one copy of each applicable audit report resulting from such SSAE Audit (“SSAE Report”). To the extent Kraft obtain Services from Supplier’s SMC’s, any incremental remediation costs due to Supplier’s non-compliance with its obligation to provide the Services in accordance with Supplier’s control standards shall be borne by Supplier. For purposes of clarification, the Parties agree that if Kraft changes its environment in a manner that does not meet Supplier control standards, Supplier shall so notify Kraft and any operating system so affected may be excluded from the SSAE Audits discussed above.

Regular Audits. Supplier shall appoint one of the American Institute of Certified Public Accountants member firms (“AICPA Auditors”) to conduct Type II ISAE 3402/SSAE 16 SAS 70 audit of each of the following Supplier’s operating systems using Supplier control standards located at a Supplier’s Service Management Centers (“SMC”): Mainframe OS 390, Windows NT/2000/2003, Unix HP, Unix IBM AIX, Unix Sun Solaris, Linux, and AS 400 platforms. Each such audit is called a “SSAE SAS 70 Audit”. Supplier’s obligation under the preceding sentences extends to Kraft, only to the extent that Supplier processes Kraft Data on any such operating system. Supplier agrees that, each calendar year during the Term, it will have one of the AICPA Auditors conduct, at Supplier’s expense, at least one SSAE SAS 70 Audit covering each type of operating system from which Kraft Data is processed at each SMC. Supplier shall provide Kraft with one copy of each applicable audit report resulting from such SSAE SAS 70 Audit (“SSAE SAS 70 Report”). To the extent Kraft obtain Services from Supplier’s SMC’s, any incremental remediation costs due to Supplier’s non-compliance with its obligation to provide the Services in accordance with Supplier’s control standards shall be borne by Supplier. For purposes of clarification, the Parties agree that if Kraft changes its environment in a manner that does not meet Supplier control standards, Supplier shall so notify Kraft and any operating system so affected may be excluded from the SSAE SAS 70 Audits discussed above.