Security Audits. Each Contract Year, County may perform or have performed security reviews and testing based on an IT infrastructure review plan. Such testing shall ensure all pertinent County security standards as well as any customer agency requirements, such as federal tax requirements or HIPPA.
Security Audits. During the term of this Agreement and thereafter, for as long as Agency retains Client Customer Information, Client, the Client’s clients, Agency representatives and agents will be entitled to conduct audits of Agency’s relevant operations, facilities, systems, etc. to confirm that Agency has complied with the Information Security Program Requirements (the “Security Audits”). Any Security Audit shall be scheduled and conducted during normal business hours and shall not unreasonably interfere with Agency’s business activities. In the event that any Security Audit results in the discovery of material security risks to Client Customer Information, or violations of applicable federal and state consumer privacy laws, rules, and regulations, Agency shall (i) respond to Client in writing with Agency’s plan to promptly take reasonable measures and corrective actions necessary to effectively eliminate the risk or cure the violation, at no cost to Client, and (ii) allow Client and the Client’s clients to review any system and transaction logs related thereto which pertain to Client’s information or data potentially compromised. Agency shall have five (5) business days to cure such security risk or violation, unless the parties mutually agree in writing to a longer period of time for such cure. Client’s right, and the right of the Client’s clients, Agency representatives and agents, to conduct a Security Audit, and any exercise of such right, shall not in any way diminish or affect Agency’s duties and liabilities under this Agreement.
Security Audits. Vendor will perform, or cause to have performed, once each year, audits of the privacy, data and physical security procedures and controls in effect at the Vendor Locations where Services are provided. Vendor will promptly provide to Prudential the results, including any findings and recommendations made by Vendor's auditors, of such audits in accordance with S.A.S. (Statement of Auditing Standards) 70. Prudential may, pursuant to this Agreement, perform the audits described in this Section.
Security Audits. The Processor agrees that its organisation, data processing facilities, relevant security measures, use of sub-contractors and any other aspect at any time relevant to the purpose of this Agreement and the relevant Data protection legislation may be subject to audits and inspections by the Controller or a third party on behalf of the Controller. The purpose of such audits shall be for the Controller to verify that the Processor complies with requirements of the Agreement, this Data Processing Agreement and applicable legislation. Such audits shall not be made more than once annually, unless the Controller has reason to believe that there are discrepancies as set out in Section 2.4 above. The Controller has the right to demand regular security audits, performed by an independent third party. The third party will deliver a report that will be delivered to Controller upon request.
Security Audits. 3.1. DCC shall be entitled to carry out such security audits as it may reasonably deem necessary in order to ensure that the Contractor maintains compliance with the Contractor security policy and the Security Management Plan, the specific security requirements set out in this contract and the Security Controls within this section.
Security Audits. Each Contract year, County may perform or have performed security reviews and testing. Such reviews and testing shall ensure compliance with all pertinent County security standards as well as any HCA/Environmental Health requirements such as federal tax requirements or HIPAA. (SIGNATURE PAGE FOLLOWS) County of Orange Health Care Agency Page 22 Contract MA-042-17011420
Security Audits. Contractor shall maintain complete and accurate records relating to its SOC Type II or equivalent’s data protection practices and the security of any of County Data, including any backup, disaster recovery, or other policies, practices or procedures. Further, Contractor shall inform County of any security audit or assessment performed on Contractor’s operations, information security program, or disaster recovery plan that includes County Data, within sixty (60) calendar days of such audit or assessment. Contractor will provide a copy of the audit report to County within thirty (30) days after Contractor’s receipt of request for such report. If Contractor does not perform a SOC Type II or equivalent audit at least once per calendar year, County may perform or have performed by an independent security expert its own such security audits, which may include penetration and security tests of Contractor Systems and operating environments. All such testing shall ensure all pertinent County security standards as well as any HCA/Environmental Health requirements (e.g., such as federal tax requirements or HIPAA) are in place. Contractor shall reasonably cooperate with all County security reviews and testing, including but not limited to, penetration testing. Contractor shall implement any required safeguards as identified by County or by any audit of Contractor’s data privacy and information security program. In addition, Contractor will provide to County upon request the most recent third-party SOC 2 Type II report. County may also have the right to review Plans of Actions and Milestones (POA&M) for any outstanding items identified by the SOC 2 Type II report requiring remediation as it pertains to the confidentiality, integrity, and availability of County Data. County reserves the right, at its sole discretion, to immediately terminate this Contract or a part thereof without limitation and without liability if County reasonably determines Contractor fails or has failed to meet its obligations under this paragraph.
Security Audits annual third party security audits, such as SSAE 16 SOC2, of hosting and data center providers, who also maintain current ISO 27001 certifications.
Security Audits. The Customer may, upon reasonable notice, audit (by itself or using independent third party auditors) HotelFlex’s compliance with the security measures set out in this DPA (including the technical and organisational measures as set out in ANNEX 2), including by conducting audits of HotelFlex’s data processing facilities. Upon request by the Customer, HotelFlex shall make available all information reasonably necessary to demonstrate compliance with this DPA.
Security Audits. The Controller has the right to demand security audits performed by an independent third party. The Processor shall allow for and contribute to the performance of security audits by a third party engaged by the Controller. The third party auditor shall provide a report of the security audit to both Parties. The Controller shall cover the costs for engaging its third party auditor. The Processor shall be entitled to claim compensation for assisting the Controller’s third party auditor in accordance with section 3.6 The Controller is entitled to submit audit reports to the applicable data protection authority and other third parties who are entitled to view the report.
