from Hacker News

I am a technology consultant. One of my clients is an academic institution.

Currently, a large company is looking at sponsoring some of its senior executives to a short resident program at the said institution. As part of the talks, they have put forth a requirement that the institution perform an information security audit, and share the results with them.

Is such a requirement frequent? Is it usually entertained? Thanks!