I am a technology consultant. One of my clients is an academic institution.<p>Currently, a large company is looking at sponsoring some of its senior executives to a short resident program at the said institution. As part of the talks, they have put forth a requirement that the institution perform an information security audit, and share the results with them.<p>Is such a requirement frequent? Is it usually entertained? Thanks!