Assessments and Audits. Nectar HR agrees to reasonably cooperate with Client (including its employee users and personnel) to:
Assessments and Audits. (a) OneStream will, at least annually, cause an independent third-party provider to conduct penetration tests of the then-current release and version of the Software. OneStream will remediate any critical vulnerability revealed by such penetration test within 30 days after receipt of the report identifying such vulnerability.
Assessments and Audits. (a) Orbit shall, upon reasonable and written notice and subject to obligations of confidentiality and pursuant to a non-disclosure agreement, contribute to audits (including inspections) conducted by Customer or a third-party auditor mutually agreed upon by the parties and allow its Processing procedures and documentation to be inspected no more than annually in order to ascertain compliance with this Addendum. Such audit shall be at Customer’s sole expense. Orbit shall cooperate in good faith with audit requests by providing access to relevant knowledgeable personnel and documentation. Except as otherwise required by law, (i) Customer shall provide at least thirty (30) days prior written notice to Orbit of any requested audit; (ii) any audit shall be conducted during Orbit’s normal business hours; (iii) an audit shall not last longer than three (3) business days; and (iv) Customer and its agents and auditors shall not access Orbit’s proprietary or confidential information, except to the extent access is strictly necessary to demonstrate compliance with this Addendum and in a manner acceptable to Orbit that preserves the proprietary or confidential nature of the information.
Assessments and Audits. Service Provider will timely comply with any requests from MSI and MSI’s Affiliates for information or documentation related to this Agreement, or information that demonstrates that Service Provider and Service Provider’s Personnel are in compliance, and that the Services are being provided in accordance with this Agreement. MSI and its Affiliates will strive to consolidate such requests so as to minimize disruption. Additionally, Service Provider and Service Provider’s Personnel are subject to audits by MSI. Service Provider will comply and will require its Personnel to comply with all audits conducted by MSI. All aspects of Service Provider’s business relating to this Agreement may be audited at MSI’s request in order to confirm compliance with this Agreement. MSI will provide Service Provider no less than 5 business days’ notice of its intent to audit Service Provider. Service Provider will provide all reasonably necessary assistance to MSI when MSI conducts an audit. Any questionnaires that MSI requests during an audit must be timely completed by Service Provider or Service Provider’s Personnel.
Assessments and Audits. Assessment and audit projects may include pollution prevention assessments, environmental quality assessments, or compliance audits. • Pollution prevention assessments are systematic, internal reviews of specific processes and operations designed to identify and provide information about opportunities to reduce the use, production, and generation of toxic and hazardous materials and other wastes that may pose threats to water quality, water supply, or human health. • Environmental quality assessments are investigations of: the condition of the environment at a site not owned or operated by the responsible party; the environment impacted by a site or facility regardless if owned or operated by the responsible party; or threats to human health or the environment relating to a site or facility regardless if owned or operated by the responsible party. • Environmental compliance audits are independent evaluations of a responsible party’s compliance status with environmental requirements at a given point in time. In general, compliance audits are acceptable as SEPs only when the responsible party is a small business, small community (less than 2,500 persons), or a state or local government entity. These assessments and audits are only acceptable as SEPs when the responsible party agrees to provide the Regional Board with a copy of the report and the results are made available to the public.
Assessments and Audits. Provider shall timely respond to Customer’s reasonable request for information about its data privacy and information security programs and shall assist in data protection impact assessments and other analysis required under applicable data protection law. Provider shall further permit Customer or a third-party auditor acting under Customer's direction, to conduct, at Customer's cost and not more than once per year, an audit or assessment, subject to reasonable access arrangements and save for disclosure of information which is confidential, commercially sensitive or privileged, concerning Provider's data protection procedures relating to its compliance with this exhibit. For the avoidance of any doubt, Customer’s audit, access, and inspection rights under this clause is limited to documents and records only and does not apply to physical premises, databases or other information not strictly relating to the performance of this Agreement.
Assessments and Audits. (a) OneStream will, at least semi-annually, cause an independent third-party provider to conduct penetration tests of the then- current release and version of the Service. Upon OneStream validation, OneStream will remediate vulnerabilities within timelines which are in accordance with NIST 800-53 guidelines.
Assessments and Audits. Xyte audits its compliance with data protection and information security standards on a regular basis. Such audits are conducted by Xyte’s internal audit team or by third party auditors engaged by Xyte, and will result in the generation of an audit report (“Report”), which will be Xyte’s confidential information. Xyte shall, upon reasonable and written notice and subject to obligations of confidentiality, no more than once a year and in normal business hours, allow its data Processing procedures and documentation to be inspected by Customer (or its designee), at Customer's expense, in order to ascertain compliance with this DPA; Xyte shall cooperate in good faith with such audit requests by providing access to relevant knowledgeable personnel and documentation. At Customer’s written request, and subject to obligations of confidentiality, Xyte may satisfy the requirements set out in this section by providing Customer with a copy of the Report so that Customer can reasonably verify Xyte’s compliance with its obligations under this DPA. Data Retention and Destruction Xyte will only retain Personal Data for the duration of the Agreement or as required to perform its obligations under the Agreement, or has otherwise required to do so under applicable laws or regulations. Following expiration or termination of the Agreement, Xyte will delete or return to Customer all Personal Data in its possession as provided in the Agreement, except to the extent Xyte is required under applicable laws to retain the Personal Data. The terms of this DPA will continue to apply to such Personal Data. Notwithstanding the foregoing, Xyte shall be entitled to maintain Personal Data following the termination of this Agreement for statistical and/or financial purposes provided always that Xyte maintains such Personal Data on an aggregated basis or otherwise after having removed all personally identifiable attributes from such Personal data. Notwithstanding the foregoing, Xyte shall be entitled to retain Personal Data solely for the establishment or exercise of legal claims, and/or in aggregated and anonymized form, for whatever purpose. Indemnification Customer will indemnify Xyte and hold Xyte harmless from any cost, charge, damages, expenses or losses incurred as a result of Customer’s breach of any of the provisions of these clauses. Indemnification hereunder is contingent upon (a) Xyte promptly notifying Customer of a claim, (b) Customer having sole control of the defense and settl...
