Common use of SSAE 16 Clause in Contracts

SSAE 16. Unless otherwise expressly stated in the applicable Statement of Work, each year, starting in Supplier’s new fiscal year which follows the first Services to support SOV’s production activities, Supplier shall cause its external auditors to (i) perform a SSAE-16 SOC 2 audit, regarding those security, privacy, financial and processing integrity controls performed by Supplier that are relevant to SOV's operations, based on Supplier’s fiscal year and Supplier’s internal controls framework (the “Baseline Internal Controls Audit”), and (ii) produce an audit report in connection therewith (the “Baseline Internal Controls Audit Report”). On or about April 1st of each year, Supplier shall provide to SOV a copy of the most current Baseline Internal Controls Audit Report. The Baseline Internal Controls Audit shall be performed and the Baseline Internal Controls Audit Report shall be produced at no additional cost to SOV. In the event that SOV requests audit and reporting which are not covered by the Baseline Internal Controls Audit, such additional audit and reporting shall be (i) addressed through the Change Control Procedures, and (ii) performed by the same auditors who have performed the Baseline Internal Controls Audit, at SOV’s cost and expense, unless Supplier is subject to another SSAE-16 audit for the same or similar operations that is acceptable to SOV, in which case SOV shall be provided with a copy of that other SSAE-16 audit.

SSAE 16. Unless otherwise expressly stated in the applicable Statement of WorkTask Order, each year, starting in SupplierContractor’s new fiscal year which follows the first Services to support SOVClient’s production activities, Supplier Contractor shall cause its external auditors to (i) perform a SSAE-16 SOC 2 1 audit, regarding those security, privacy, Contractor’s internal controls over financial and processing integrity controls performed by Supplier that are relevant to SOV's operationsreporting, based on SupplierContractor’s fiscal year and Supplier’s system of internal controls framework and Contractor’s control objectives as of a specific point in time (the “Baseline Internal Controls Audit”), and (ii) produce an SSAE SOC 1 Type I audit report in connection therewith (the “Baseline Internal Controls Audit Report”). On or about April 1st of each year, Supplier Contractor shall provide to SOV Client a copy of the most current Baseline Internal Controls Audit Report. The Baseline Internal Controls Audit shall be performed performed, and the Baseline Internal Controls Audit Report shall be produced produced, at no additional cost to SOVClient. In the event that SOV Client requests audit and reporting which are not covered by the Baseline Internal Controls Audit, such additional audit and reporting shall be (i) addressed through the Change Control Procedures, applicable change control procedures and (ii) performed by the same auditors who have performed the Baseline Internal Controls Audit, at SOVClient’s cost and expense, unless Supplier Contractor is subject to another SSAE-16 audit for the same or similar operations that is acceptable to SOVClient, in which case SOV Client shall be provided with a copy of that other SSAE-16 audit.