Security Audits. Each Contract Year, County may perform or have performed security reviews and testing based on an IT infrastructure review plan. Such testing shall ensure all pertinent County security standards as well as any customer agency requirements, such as federal tax requirements or HIPPA.
Security Audits. During the term of this Agreement and thereafter, for as long as Agency retains Client Customer Information, Client, the Client’s clients, Agency representatives and agents will be entitled to conduct audits of Agency’s relevant operations, facilities, systems, etc. to confirm that Agency has complied with the Information Security Program Requirements (the “Security Audits”). Any Security Audit shall be scheduled and conducted during normal business hours and shall not unreasonably interfere with Agency’s business activities. In the event that any Security Audit results in the discovery of material security risks to Client Customer Information, or violations of applicable federal and state consumer privacy laws, rules, and regulations, Agency shall (i) respond to Client in writing with Agency’s plan to promptly take reasonable measures and corrective actions necessary to effectively eliminate the risk or cure the violation, at no cost to Client, and (ii) allow Client and the Client’s clients to review any system and transaction logs related thereto which pertain to Client’s information or data potentially compromised. Agency shall have five (5) business days to cure such security risk or violation, unless the parties mutually agree in writing to a longer period of time for such cure. Client’s right, and the right of the Client’s clients, Agency representatives and agents, to conduct a Security Audit, and any exercise of such right, shall not in any way diminish or affect Agency’s duties and liabilities under this Agreement.
Security Audits. Vendor will perform, or cause to have performed, once each year, audits of the privacy, data and physical security procedures and controls in effect at the Vendor Locations where Services are provided. Vendor will promptly provide to Prudential the results, including any findings and recommendations made by Vendor's auditors, of such audits in accordance with S.A.S. (Statement of Auditing Standards) 70. Prudential may, pursuant to this Agreement, perform the audits described in this Section.
Security Audits. Contractor shall maintain complete and accurate records relating to its system and Organization Controls (SOC) Type II audits or equivalent’s data protection practices, internal and external audits, and the security of any of County-hosted content, including any confidentiality, integrity, and availability operations (data hosting, backup, disaster recovery, external dependencies management, vulnerability testing, penetration testing, patching, or other related policies, practices, standards, or procedures). Contractor shall inform County of any internal/external security audit or assessment performed on Contractor’s operations, information and cyber security program, disaster recovery plan, and prevention, detection, or response protocols that are related to hosted County content, within sixty (60) calendar days of such audit or assessment. Contractor will provide a copy of the audit report to County within thirty (30) days after Contractor’s receipt of request for such report(s). Contractor shall reasonably cooperate with all County security reviews and testing, including but not limited to penetration testing of any cloud-based solution provided by Contractor to County under this Contract. Contractor shall implement any required safeguards as identified by County or by any audit of Contractor’s data privacy and information/cyber security program. In addition, County has the right to review Plans of Actions and Milestones (POA&M) for any outstanding items identified by the SOC 2 Type II report requiring remediation as it pertains to the confidentiality, integrity, and availability of County data. County reserves the right, at its sole discretion, to immediately terminate this Contract or a part thereof without limitation and without liability to County if County reasonably determines Contractor fails or has failed to meet its obligations under this section.
Security Audits. 3.1. DCC shall be entitled to carry out such security audits as it may reasonably deem necessary in order to ensure that the Contractor maintains compliance with the Contractor security policy and the Security Management Plan, the specific security requirements set out in this contract and the Security Controls within this section.
Security Audits. The Processor agrees that its organisation, data processing facilities, relevant security measures, use of sub-contractors and any other aspect at any time relevant to the purpose of this Agreement and the relevant Data protection legislation may be subject to audits and inspections by the Controller or a third party on behalf of the Controller. The purpose of such audits shall be for the Controller to verify that the Processor complies with requirements of the Agreement, this Data Processing Agreement and applicable legislation. Such audits shall not be made more than once annually, unless the Controller has reason to believe that there are discrepancies as set out in Section 2.4 above. The Controller has the right to demand regular security audits, performed by an independent third party. The third party will deliver a report that will be delivered to Controller upon request.
Security Audits. Each Contract year, County may perform or have performed security reviews and testing. Such reviews and testing shall ensure compliance with all pertinent County security standards as well as any HCA/Environmental Health requirements such as federal tax requirements or HIPAA. (SIGNATURE PAGE FOLLOWS) County of Orange Health Care Agency Page 22 Contract MA-042-17011420
Security Audits. The Controller has the right to demand security audits performed by an independent third party. The Processor shall allow for and contribute to the performance of security audits by a third party engaged by the Controller. The third party auditor shall provide a report of the security audit to both Parties. The Controller shall cover the costs for engaging its third party auditor. The Processor shall be entitled to claim compensation for assisting the Controller’s third party auditor in accordance with section 3.6 The Controller is entitled to submit audit reports to the applicable data protection authority and other third parties who are entitled to view the report.
Security Audits annual third party security audits, such as SSAE 16 SOC2, of hosting and data center providers, who also maintain current ISO 27001 certifications.
Security Audits. At least once a year, Graylog Cloud undergoes a security audit by an independent third party that attests to the effectiveness of the controls Graylog has in place to safeguard the systems and operations where Customer Content is processed, stored, or transmitted (e.g., System and Organizational Control (SOC 2), Type 2) audit in accordance with the Attestation Standards under Section 101 of the codification standards (AT 101). Upon request, Graylog will supply Customer with a summary copy of Graylog’s annual audit reports, which will be deemed Confidential Information under the Agreement.
