Auditor Commitment and Approval Form


Firm Name
Firm Website
Name of Person Conducting the Audit
Name of Privacy+ Applicant Company to Be Audited

A third-party audit of the Privacy+ requirements must be performed by a qualified CPA firm. The CPA firm must have prior experience performing assessments according to Statement on Standards for Attestation Engagements No. 16 (SSAE 16), must be registered with the PCAOB, must be properly licensed directly or through NASBA substantial equivalency in the state in which the member operates, and must maintain either a CISA or CISSP certification.

Does the auditing firm meet the above standards? o Yes o No
If no, please describe exactly how the firm does not meet these standards:

Is this accounting firm or individual CPA employed by the company being audited? o Yes o No

In which country(ies) will you be auditing the applicant's facilities?
How many total facilities* does the applicant operate in these countries?
How many of the total facilities do you plan to physically inspect for the audit?

My firm and I have reviewed the materials in the Privacy+ Handbook and agree to comply with the procedures and requirements in conducting a Privacy+ Audit. We further state that the information submitted on this Auditor Commitment and Approval Form is correct and accurate.

Signature of Person Doing the Review
Signature of CPA Who Will Oversee the Audit (If Different)

*A facility is defined as a building in which hard-copy records and/or off-line computer media are stored. Multiple storage buildings within the same general vicinity that do not share a common wall with the adjacent buildings are considered separate facilities.

Send this form to PRISM with your application. If you use an auditor other than Kirkpatrick Price, make sure to send this form and obtain approval before the audit is conducted.

PRISM Office Use Only: Auditor is accepted? Processed:

Privacy+ Application Form

Company Name
Contact Person for Privacy+
City
Province/State
Postal Code/ZIP
Country
Phone
Fax
Website

Are you a current member of PRISM International? o Yes o No
Will you be using Kirkpatrick Price for the Privacy+ Audit? o Yes o No
In which country(ies) do you seek to be Privacy+ Certified?
How many total facilities* does your company operate in these countries?
If you have chosen to exclude any facilities, please explain why.

Our company has reviewed the Privacy+ Certification Handbook and intends to seek Privacy+ Certification. Enclosed please find our:
o Signed Licensing Agreement
o SOC2 Report and signed Audit Form C (only for those using the SOC2 process)
o Auditor Commitment and Approval Form

o I understand that I will be invoiced by PRISM International in advance for application fees, audit fees (if I am using Kirkpatrick Price), and the 2-year licensing fees. After my company has paid the upfront fees, it may proceed with the Privacy+ Audit.
o I understand that should the number of facilities or the scope of the audit change during the course of the audit, PRISM International reserves the right to adjust the fees associated with Privacy+ to match the revised number of facilities or audit scope.

*A facility is defined as a building in which hard-copy records and/or off-line computer media are stored. Multiple storage buildings within the same general vicinity that do not share a common wall with the adjacent buildings are considered separate facilities. The only reason a facility should be excluded is if the location does not include storage of hard-copy records and/or off-line computer media.

Payment (must accompany registration)
o o o o o Check (enclosed)
$25 will be charged for rebilling a credit card charge. A 3% processing fee will be applied to all credit card payments greater than or equal to $5,000. In the event of a miscalculation, I authorize PRISM to charge to my credit card an amount PRISM reasonably deems to be accurate.
Make check payable to PRISM International. Checks not in U.S. funds will be returned. CK#
A charge of $25 will apply to checks returned for insufficient funds.
Account number
Expiration date
Cardholder's name (please print)
Signature

Audit Report Form A
Auditor submits only to the company being audited after completion of the audit (DO NOT SUBMIT TO PRISM INTERNATIONAL)

Name of Company Being Audited
Contact Name
Phone
Country(ies) for Which Privacy+ Certification Is Being Sought
Auditor's Name (Print)
Auditor's Signature
Firm Name

Indicate your assessment of whether this company meets each of the Privacy+ control objectives listed below. For each area, mark Meets (X) or Does not meet (X) and add Comments.

Control Objective 1, Organization and Management Control: Controls provide reasonable assurance that management provides oversight, segregates duties, and guides employee behavior through a formal program.

Control Objective 2, Information Security Policy: Controls provide reasonable assurance that management has implemented an information security program that governs the implementation of security practices.

Control Objective 3, Risk Assessment: Controls provide reasonable assurance that management has implemented a risk assessment function to identify new risks or changes to the environment that would necessitate the modification of controls.

Control Objective 4, Human Resources Controls: Controls provide reasonable assurance that employees and contractors understand their security responsibilities and are suitable for the roles for which they are considered.

Control Objective 5, Vendor Management: Controls provide reasonable assurance that third parties understand their security responsibilities and are capable of following the organization's security requirements.

Control Objective 6, Physical Access Controls: Controls provide reasonable assurance that unauthorized access to secure areas in the corporate administrative and information storage sites is prevented.

Control Objective 7, Environmental Controls: Controls provide reasonable assurance that negative impact from environmental factors is effectively mitigated.

Control Objective 8, Logical Access Controls: Controls provide reasonable assurance that logical access mechanisms are in place to appropriately restrict access to applications, data, network resources, and operating systems.

Control Objective 9, Network Security: Controls provide reasonable assurance that best practices have been implemented to restrict unauthorized access to internal network resources.

Control Objective 10, Electronic Access to Client Information: Controls provide reasonable assurance that best practices have been implemented to protect client information that is stored or transmitted via electronic means.

Meets (X) / Does not meet (X) / Comments

Audit Report Form B
Auditor* submits to the company being audited and to PRISM International after completion of the audit

Name of Company Being Audited
Name of Auditing Firm
Auditor/Contact Name
City
Province/State
Postal Code/ZIP
Country
Phone
Fax
Website
Country(ies) for which Privacy+ certification is being sought
Total # of company facilities** in country(ies) where certification is being sought
Actual # of company facilities physically inspected by auditor pursuant to the Privacy+ audit
(es) of facilities where certification is being sought (attach separate listing as necessary)

Audit Status:
o The Company meets, at all of its facilities in the above-referenced country(ies), in all material respects and without qualification, all control objectives effective as of today's date, as listed in the Privacy+ Certification Handbook.
o The Company does not meet the control objectives effective as of today's date.

We certify that the above-mentioned company, as of the dates noted in the date field above, has been audited according to either the SSAE 16, SOC2, or ISAE 3402 standard. We certify that the most recent date listed above indicates the results or status of our audit.

Auditor's Name (Print)
Auditor's Signature

PRISM Office Use Only: Received: Processed:

*Auditors must meet certain qualifications to perform audits pursuant to Privacy+. Please see the Privacy+ Auditor Commitment and Approval Form.
**A facility is defined as a building in which hard-copy records and/or off-line computer media are stored. Multiple storage buildings within the same general vicinity that do not share a common wall with the adjacent buildings are considered separate facilities.

Audit Report Form C (SOC2 Process)
This form is to be used by applicant firms that choose to use the SOC2 process for Privacy+. Send this form to PRISM only together with the application and license agreement.

Company Name
Contact Person for Privacy+
City
Province/State
Postal Code/ZIP
Country
Phone
Fax
Website

To achieve Privacy+ certified status, companies must establish internal controls designed to meet the Privacy+ standards found on pages 8 and 9. Company participants are required to undergo a successful audit of their operations by a third-party auditor, with such audits typically being completed according to the Statement on Standards for Attestation Engagements (SSAE) No. 16 standard (American Institute of Certified Public Accountants [AICPA]) in the United States (also known as SOC1), or the International Standard on Assurance Engagements (ISAE) 3402 standard (International Auditing and Assurance Standards Board [IAASB]) internationally. A SOC1 report addresses controls relevant to a user entity's financial reporting and in itself does not necessarily cover the current ten Privacy+ objectives, which is why audits completed according to SOC1 require a supplemental form, PRISM Auditor Form B, sent to PRISM International headquarters to verify that a company that has applied for Privacy+ certification does fulfill these control objectives.

Privacy+ participants may also satisfy the audit requirement with the more comprehensive SOC2 audit, which includes the Security Principle. Independent auditing professionals have verified that the SOC2 Security Principle covers, in all material respects, the current Privacy+ objectives.

Three critical factors need to be verified to ensure that a SOC2 report can be used to validate Privacy+ compliance:

1. Does the report contain an unqualified opinion? An unqualified opinion means the auditor found no concern relevant enough to qualify his or her opinion that the service organization met the requirements. o yes o no

2. Does the report cover the relevant scope? The report must cover all services and locations within the scope of Privacy+, i.e. the physical record centers. o yes o no

3. In the case of a Type II report, are there any relevant exceptions that would indicate noncompliance with the Privacy+ requirements? The audit report will indicate any exceptions found as a result of the audit. (A Type I report describes control design as of a point in time; a Type II report also tests operating effectiveness over a period and lists the exceptions found in that testing.) o yes o no

To apply for Privacy+ status using a successful SOC2 report, please send in this form with a copy of your SOC2 report. The SOC2 report must have been completed within 1 year of applying for Privacy+ certification.

Privacy+ certification is granted on a country-by-country basis. This audit includes facilities located in the following country:

PRISM International will keep this SOC2 report confidential, and will not show it to anyone outside of appropriate PRISM International staff, with the one potential exception noted below. By sending in this form, the applicant agrees that the report contains an unqualified opinion, that the report covers the relevant scope, and that there are no relevant exceptions that would indicate noncompliance with the Privacy+ requirements. By sending in this form, the applicant agrees that PRISM International has permission to seek the opinion of a qualified auditing professional should there be any question whether the SOC2 audit is unqualified, covers the relevant scope, or includes any relevant exceptions.

Signature of Applicant Company

License Agreement

Please complete the information requested in this License Agreement. Make a copy and sign both copies. Return both signed copies to PRISM International. One copy will be executed by PRISM International and returned to you for your records.

Company
Contact Person
City
State/Province
Postal Code/ZIP
Country
Phone
Fax
List Other Facility Locations (attach sheet if necessary)

The above company hereby applies to PRISM International (Association) for a license to display the Privacy+ logo in conformance with the terms of this License Agreement. PRISM International's obligations and agreements, as set forth herein, are expressly conditioned upon the company's continued compliance with the terms and conditions set forth in this Agreement and the Privacy+ Certification Handbook.

1. General

1.1 Definitions: When used in this Agreement, the following terms shall have the following meanings:
A. Privacy+ Mark: The trademark and logo owned by PRISM International and licensed to companies upon completion of the Privacy+ certification process.
B. Company: A for-profit records and information management outsourcing company applying for Privacy+ certification. Examples include commercial records centers and media vault operations.
C. Auditor: An auditing firm that is approved by PRISM International to assess whether the Company has fulfilled the requirements of Privacy+.
D. Certification/Certified: Certification by PRISM International, with reliance on an Auditor's report, that the Company conforms to the requirements of the Privacy+ standards as set forth in the Privacy+ Certification Handbook.
E. Audit: Report issued to the Company by the Auditing Firm.
F. Committee: The PRISM Privacy+ Task Group or its successor.
G. Effective: The date on and after which a Privacy+ certified company or new applicant shall conform to Privacy+ requirements, as acknowledged in writing by PRISM International.

1.2 This Agreement shall be governed by the laws of the State of Illinois.

1.3 Any notice required hereunder shall be deemed to be delivered if accurately addressed and sent by e-mail or deposited in the United States mail, first class postage prepaid, or, if an offshore company, in the mail service of its country.

1.4 Invoices issued by PRISM International shall be paid within 30 days. Any account not resolved within 60 days after the date of invoice shall be cause for revocation of this License Agreement. Reinstatement of this Agreement is obtained upon the payment of all outstanding charges plus a $100 reinstatement fee. If reinstatement is not obtained, PRISM International may, after 90 days, inform the company of the revocation.

1.5 Privacy+ certification shall be conducted under the requirements set forth in the Certification Handbook in effect at the time of the initial or any subsequent Audit.

1.6 The certified company is encouraged to use the Privacy+ Mark.

1.7 Companies and their Auditors are expressly instructed not to submit detailed results of their audits. Any information related to an audit or certification shall not be divulged to any person or persons except (a) by the company or (b) by PRISM International in response to a subpoena or other legal process. PRISM International has no duty or obligation to resist responding to a validly issued subpoena or other legal requirement. PRISM International, however, shall immediately notify any company of any subpoena directed towards the company. If the company elects to divulge an Audit report, it shall only be the complete report together with any Auditor disclaimer that is included. PRISM International shall agree in writing to hold in strict confidence any and all confidential information provided by the company or relating to the company's procedures. It shall not be a breach of confidentiality for PRISM International to divulge the audits or results of audits if provided in response to a subpoena or other legal process, or as otherwise required by law.

1.8 If a certified company's procedures are altered or changed by the certified company to the extent that it is reasonable to assume that its certification would be affected, then in order to retain certification such altered or changed procedures shall be approved by the Auditor either by analysis or by Audit.

1.9 The certified company may be any company, whether or not a member of PRISM International.

2. Privacy+ Mark License

2.1 Solely to identify procedures that are Privacy+ certified according to the terms of this Application and Agreement, the certified company is hereby granted a non-exclusive, non-transferable, and revocable license ("License") to affix PRISM International's Privacy+ Mark.

2.2 The License granted in 2.1 is expressly conditioned, however, upon full and continued compliance with all the terms and conditions set forth in this License Agreement, including the following:
A. The certified company remains in compliance with the Certification Handbook and the procedures set forth in this Application and Agreement, and is limited to the use of the Privacy+ Mark during the period of certification.
B. The certified company shall always accompany PRISM International's Privacy+ Mark with the symbol.

2.3 By accepting this License, the certified company hereby acknowledges that PRISM International exclusively and validly owns the Privacy+ Mark, in all its right, title, and interest. The certified company expressly waives any rights it might have or ever had to contest such ownership and agrees not to do or cause any act contesting or in any way impairing or tending to impair PRISM International's ownership, right, title, and interest. The certified company acknowledges and agrees that: (i) it shall not use the Privacy+ Mark in a manner likely to diminish the Privacy+ Mark's commercial value; (ii) it shall not knowingly use or permit the use of any mark, name, or image likely to cause confusion with the Privacy+ Mark; (iii) all goodwill associated with use of the Privacy+ Mark shall inure to PRISM International; (iv) the Privacy+ Mark is and shall remain the sole property of PRISM International; and (v) nothing in this Agreement shall confer on the certified company any right of ownership in the Privacy+ Mark, and the certified company shall not make any representation to that effect, or use the Privacy+ Mark in a manner that suggests that such rights are conferred.

2.4 The scope of this License is worldwide.

2.5 PRISM International expressly reserves its right to grant similar licenses to other entities complying with procedures covered by the Privacy+ guidelines, whether or not such other procedures compete with the certified company's procedures.

2.6 Upon request of Association Counsel, the certified company hereby agrees to provide a representative sample of any electronic or printed advertisement, literature, or label prepared by the certified company using the Privacy+ Mark. Upon request of Association Counsel, the certified company further agrees to provide any modification thereof requested within a 30-day time period. The certified company agrees not to alter or modify the Privacy+ Mark.

2.7 The License herein granted to the certified company is not assignable or otherwise divisible or transferable without PRISM International's prior written consent. Such consent may be withheld at the sole and absolute discretion of PRISM International. Any such assignment or transfer without such consent shall be null and void and of no effect and may invalidate the certification as determined by PRISM International. In issuing this License, PRISM International assumes no liability for the acts or omissions of the certified company, its directors, officers, owners, partners, employees, or agents. Except for claims of trademark infringement related to the Privacy+ Mark, the certified company shall indemnify and hold harmless PRISM International, its officers, directors, members, and agents in connection with any claim or cause of action against any of the same brought by a third party based on any act or omission of the company, its directors, officers, owners, partners, employees, or agents, including judgments, settlements, costs, and attorneys' fees associated with such claims or causes of action.

2.8 PRISM International shall regularly publish a listing and website updates of the companies that have been Privacy+ certified, are in good standing, and are permitted to use the Privacy+ Mark.

2.9 A license fee, which is separate and apart from any other fee or payment set forth in this Application and Agreement, shall be calculated and paid in conformance with the Privacy+ Fee Schedule. License fees shall be paid within 30 days of receipt of the invoice. Any failure to make a license payment within 60 days shall result in the immediate and automatic revocation of the License herein granted. Reinstatement is effected in accordance with Section 1.4 herein.

2.10 Any report issued by the Auditor shall not be used or in any way offered as evidence of Privacy+ certification by the company except as to procedures while such certification was in effect. The issuance or effective period of the audit report shall be contingent upon compliance in all respects by the company with the provisions of this Application and the Certification Handbook.

2.11 Upon termination of this License Agreement for any reason, the certified company shall not thereafter use PRISM International's Privacy+ Mark until such time as approved in writing by PRISM International.

2.12 The certified company, its directors, officers, owners, partners, employees, and agents shall at all times perform their professional obligations in compliance with applicable federal, state, and local laws and regulations and shall not undertake any act or omission that may bring disrepute upon PRISM International or the records and information management profession.

3. Inspection and Continued Certification Testing

3.1 The certified company shall furnish for inspection, at either the company's place of business, another point of operation, or elsewhere as coordinated with the Auditor, the current procedures of the company. The company shall maintain with the Auditor a current listing of all places of operation.

3.2 The company shall at all times cooperate with the Auditor to facilitate inspections.

3.3 Renewal or continuation of Privacy+ certification shall be based upon conformance by the company with the provisions of this Application and the Certification Handbook.

4. Updates to Privacy+ Requirements

4.1 Upon establishment of the effective date for new or revised requirements applicable to any Privacy+ certification, PRISM International shall promptly issue a revised Certification Handbook.

5. Procedures Improperly Indicating Privacy+ Certification

5.1 If PRISM International becomes aware of any certified company using any marking purporting to indicate that the company is Privacy+ certified, when in fact such company does not conform in all details with the requirements, PRISM International shall give notice of such fact to the certified company. The certified company shall forthwith stop use of the Privacy+ certification mark. If the certified company wishes to pursue an appeal, Section 6 applies.

5.2 If the certified company fails to cease and desist, the PRISM International Board of Directors has the right to pursue legal action.

6. Appeal Procedures

6.1 The certified company shall have the right to appeal PRISM International's actions provided such actions are not related to the Audit performed by the independent third-party Auditor; any issue a certified company has with an Auditor must be addressed directly with the Auditor. PRISM International shall, within 30 days of the appeal by the certified company, conduct a non-binding hearing. If the hearing is not successful, the certified company shall within 15 calendar days notify PRISM International in writing of its intention to seek arbitration. The arbitration and the selection of the arbitrator shall proceed under the rules of the American Arbitration Association or its successor. Such arbitration shall take place in Chicago, IL. Both parties agree to be bound by the decision of the arbitrator, which shall be made in writing and which shall set forth a factual basis for any conclusions made therein. Any decision of the arbitration panel may be submitted to a court of proper jurisdiction for enforcement. Any costs related to the arbitration process shall be paid by the certified company in full. If the ruling is in favor of the certified company, PRISM International will reimburse 50% of the expenses related to the arbitration process.

6.2 The hearing shall be scheduled on a date that allows the certified company sufficient time to prepare and which is at least 30 days after the certified company indicates its intention to appeal. The certified company may attend the arbitration hearing, be heard, and be represented by counsel. The certified company may participate via phone.

6.3 Nothing herein shall prevent PRISM International from taking such legal means as necessary to stop illegal or infringing use of the Privacy+ Mark, including the right to an injunction restraining any certified company from breach of PRISM International's rights in the Privacy+ Mark.

7. Cancellation and Revocation of Application of Privacy+ Certification

7.1 In the event of a violation of any of the provisions of this Application or the terms herein by the certified company, and upon written notice specifying such violation mailed to the certified company, PRISM International shall, in addition to any other remedy it has at equity or law, have the right to: (a) cancel this Application and Agreement and (b) revoke and discontinue any or all certifications issued to the applicant, including the License granted in Section 2 herein. Termination of this Agreement shall also terminate the certified company's Privacy+ certification; provided, however, that Sections 1.7, 2.8, 2.9, 2.13, 6, 7, and 8 shall be preserved and continued in effect.

8. Liability Limitations

8.1 In further consideration of the Auditor conducting reviews, the certified company hereby releases PRISM International, its officers, directors, members, and agents from any and all claims of loss, damage, or injury, of any nature whatsoever, arising out of or connected with such audits or denial of Certification as a result thereof, or the revocation or cancellation of same under the conditions herein set forth.

8.2 In addition to the provisions of 8.1, if the certified company shall (a) wrongfully represent (by wrongful use of a marking indicating Privacy+ certification or otherwise) that it is certified, the company shall indemnify and hold harmless PRISM International from all liability and expense, including reasonable attorneys' fees, imposed upon PRISM International by reason of such misrepresentation by the company or by reason of damage or injury resulting directly or indirectly from said Privacy+ certification.

8.3 Neither PRISM International nor the certified company shall be responsible or liable for delay or failure to perform the covenants to be performed on its part hereunder if such delay or failure is due to bombings, invasions, or other acts of war by either the armed forces of the United States or any other nation or territory, insurrection, riot, strike, earthquake, fire, flood, or acts of God, or actual inability to obtain materials or personnel to perform services, or other conditions beyond the reasonable control of the applicant or the certified company, whether of the kind or nature specified herein or otherwise.

8.4 This Application shall become a contract between the certified company and PRISM International upon its acceptance, in the space below, by PRISM International; it being mutually agreed that this instrument and its appendices, upon such acceptance, contain all, and the only, agreements between PRISM International and the certified company, and that no agent or representative of either party has made any statements, representations, or arguments, verbal or written, modifying, contradicting, or adding to these terms and conditions.

9. Revisions and Terms

9.1 PRISM International reserves the right to make revisions to the Certification Handbook, the Application, and the Agreement and to issue a new Agreement, which will become a contract between the certified company and PRISM International when accepted in writing by both parties.

9.2 Unless terminated earlier pursuant to Section 7 or upon election of the certified company not to recertify, this Application shall be valid for 2 years from the date of acceptance by PRISM International.

10. Miscellaneous

10.1 If any covenant or other provision of this Agreement is invalid, illegal, or incapable of being enforced by reason of any rule of law, administrative order, judicial decision, or public policy, all other conditions and provisions of this Agreement shall nevertheless remain in full force and effect. The parties shall make such changes to this Agreement as are necessary to cure the invalidity, consistent with the original objectives of the parties.

10.2 Nothing in this Agreement or the relations between the parties to this Agreement shall be construed to constitute a partnership or joint venture between or among the parties to this Agreement. The certified company shall have no right or authority to bind or obligate PRISM International in any manner whatsoever and shall not expressly or impliedly incur any liability or obligation on behalf of PRISM International.

10.3 Any notice or demand required or permitted by this Agreement shall be in writing and shall be deemed given when received by the parties at the address set forth above. 10.4 For purposes of this Agreement, a document (or signature page thereto) signed and transmitted by facsimile machine or telecopier is to be treated as an original document. The signature of any party thereon, for purposes hereof, is to be considered as an original signature, and the document transmitted is to be considered to have the same binding effect as an original signature on an original document. At the request of any party, any facsimile or telecopy document is to be re-executed in original form by the parties who executed the facsimile or telaecopy document. No party may raise the use of a facsimile machine or telecopier or the fact that any signature was transmitted through the use of a facsimile or telecopier machine as a defense to the enforcement of this Agreement or any amendment or other document executed in compliance with this Section. 10.5 This Agreement may be executed by the parties on any number of separate counterparts, and all such counterparts so executed constitute one agreement binding on all the parties notwithstanding that all the parties are not signatories to the same counterpart. 10.6 All rights not specifically granted and licensed to certified company herein are reserved to PRISM International. 10.7 This Agreement contains the entire agreement and understanding between the parties and may not be modified or amended except by written agreement executed by both of the parties. For the Year Commencing () Applicant Company By (Signature of Owner or Principal) Owner or Principal s Name (Print) PRISM International hereby accepts the above application and agrees to the terms hereof. PRISM International Signature Executive Director 17