Contract Management

Hello,

I am looking for sample verbiage for contracts to ensure we have access to due diligence as we need it based on risk, this may be financials for a private company, requesting physical copies vs just access to a data room with read only access. 

I have been asked to provide a list of documents we require, but as you know that can change from vendor to vendor and that is not practical. 

So is there a generic term that states we have the right to receive due diligence per regulation guidelines including but not limited to the FFIC, CFPB, and NCUA?

Can you all provide samples of what you add to your contracts that you can leverage for a full due diligence package?

I really appreciate it. 

I believe it's typically referred to as a "Right to Audit" clause.

I have used, and been subject to, the Right to Audit clause in agreements. It gives the customer the right to conduct or have conducted for them, an annual audit. This usually is limited to Security or GCCs. It should be adaptable to other areas, i.e. financial reporting, incidents, etc.

the receiving party, and any party receiving Confidential Information that is NPI from the receiving party or its Representatives, will at all times have in place an information security program with respect to such NPI that is designed to fulfill the objectives set forth in the "Standards for Safeguarding Customer Information", 67 Fed. Reg. 36484, May 23, 2002 (codified in 16 C.F.R. part 314, "GLBA").  The Representatives will, upon request no more frequently than annually or after a significant security event, provide materials that evidence the information security program.  The receiving party's obligations under this Agreement and its obligation to maintain an information security program with respect to such NPI, shall survive for as long as that party holds any NPI.  Representatives certify that they comply with the Interagency Standards for Safeguarding Customer Information issued pursuant to the GLBA.