GCGA Ch. 11 Third-Party Risk Management (ST) Flashcards
(10 cards)
Supply chain
includes all the elements required to produce and sell products and services. Organizations should regularly conduct a supply chain analysis that identifies all of the vendors that make up their supply chain and assesses any risks associated with those relationships.
Security controls used to assess and manage vendor relationships
include right-to-audit clauses, penetration testing, collecting evidence of internal audits, and conducting independent assessments.
Conducting due diligence
involves a thorough evaluation of potential vendors’ capabilities, credentials, reputation, and financial stability.
Conflict of interest
might arise if the vendor has business relationships that could influence their decision-making or compromise their ability to prioritize your organization’s needs.
SLA
A service level agreement (SLA) is an agreement between a company and a vendor that stipulates performance expectations, such as minimum uptime and maximum downtime levels.
MOUs
Memorandums of understanding (MOUs) express an understanding between two or more parties, indicating their intention to work together toward a common goal.
BPA
A business partners agreement (BPA) is a written agreement that details the relationship between business partners, including their obligations toward the partnership.
NDA
A non-disclosure agreement (NDA) is used between two entities to ensure that proprietary data is not disclosed to unauthorized entities.
MSA
Master Services Agreements (MSA) provide structure to the agreements for vendors that you will work with repeatedly. Then, when you have a new project for the vendor, you write a simple work order (WO) or a statement of work (SOW) that contains the details of that specific project and references the general terms in the MSA.