1. Supplier’s own systems: On reasonable notice and at such times as Supplier may reasonably agree during normal business hours during the term [and for [PERIOD] following its expiry], to the extent reasonably necessary for Customer to review the Services and Supplier’s ongoing ability to perform its obligations under this Agreement (an “Audit”) Supplier must give Customer and its auditors and regulators full and unrestricted access to:
    1. The data, systems, devices and networks Supplier uses to provide and monitor its services;
    2. The results of Supplier’s security penetration testing on its applications, data, and systems;
    3. Supplier’s company and financial information;
    4. Suppliers’ external auditors, personnel, and premises.
  2. Material subcontractors: Supplier must ensure its material subcontractors make relevant records available to give effect to the Audit, provided that no party will be obliged tro disclose information that is legally privileged, would breach a duty of confidence owed to a third party.
  3. Costs: