11. Certifications and Audits

  1. ISO‐Certification. As of the DPA Effective Date, We are not certified under ISO 27001. However, We agree to maintain an information security program for the Service that complies with the ISO 27001 standards or such other alternative standards as are substantially equivalent to ISO 27001 for the establishment, implementation, control, and improvement of ONEiO Security Standards. 

  2. Audits. We use external auditors to verify the adequacy of the security measures of the Service. This audit: (a) will be performed at least annually; (b) will be performed by independent third-party security professionals at Our selection and expense; and (c) will result in the generation of an audit report (“Report”), which will be Our Confidential Information. Such Reports will be made available to Customer subject to a mutually agreed upon non‐disclosure agreement covering the Report (an “NDA”). 

  3. Audit Reports. At Customer’s written request, We will provide Customer with a confidential Report so that Customer can reasonably verify Our compliance with Our obligations under this DPA. The Report will constitute Our Confidential Information under the confidentiality provisions of the Agreement or the NDA, as applicable. 

  4. Customer’s Independent Determination. Customer is responsible for reviewing the information made available by Us relating to data security and making an independent determination as to whether the Service meets Customer’s requirements and legal obligations as well as Customer’s obligations under this DPA. 

  5. Customer Audits. Customer agrees to exercise any right it may have to conduct an audit or inspection by instructing Us to carry out the audit described in Section 11.2. If Customer wishes to change this instruction regarding the audit, then Customer has the right to request a change to this instruction by sending Us written notice as provided for in the Agreement. If We decline to follow any instruction requested by Customer regarding audits or inspections, Customer is entitled to terminate this DPA and the Agreement. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Article is closed for comments.