Third Party Vendor Risk

Question 1

What is the Vendor Selection Process similar to?

Answer 1

It is similar to hiring a new employee – you can’t judge just by appearance.

供应商选择过程就像招聘员工，不能只看表面。

Question 2

What is due diligence in vendor selection?

Answer 2

A rigorous background check that includes financials, history, reviews, and cultural fit.

尽职调查包括财务状况、运营历史、客户评价与文化契合度等多方面评估。

Question 3

What are the 4 components of due diligence?

Answer 3

1. Evaluating financial stability
2. Operational history
3. Client testimonials
4. On-the-ground cultural alignment

财务稳定性、运营历史、客户反馈、文化契合度。

Question 4

Why is it important to check for conflicts of interest when selecting a vendor?

Answer 4

To avoid biased decisions and ensure fair, transparent selection.

为防止选择偏向，确保公正与透明。

Question 5

What is a vendor questionnaire used for?

Answer 5

To assess a vendor’s operations, compliance, and technical capabilities.

供应商问卷用于了解其运营能力、合规性与技术实力。

Question 6

What is the purpose of ‘Rules of Engagement’ with vendors?

Answer 6

To define how both parties will communicate and share information securely.

指导双方如何合规、安全地互动与沟通。

Question 7

What are the 3 key elements in Rules of Engagement?

Answer 7

1. Communication protocols
2. Data sharing rules
3. Negotiation boundaries

沟通协议、数据共享规则、谈判边界。

Question 8

What is Vendor Monitoring?

Answer 8

The process of ensuring a vendor continues to meet standards over time.

持续监控供应商是否仍符合组织要求。

Question 9

What are two tools used in Vendor Monitoring?

Answer 9

1. Performance reviews
2. Feedback loops

绩效评估和双向反馈机制。

Question 10

What is a Basic Contract?

Answer 10

A general contract defining duties, penalties, and terms.

基本合同：定义职责、违约处理与条款的通用协议。

Question 11

What does an SLA define?

Answer 11

Service standards, performance metrics, and penalties.

SLA 服务级别协议：规定服务标准、性能指标及不达标的处理。

Question 12

What’s the difference between MOA and MOU?

Answer 12

MOA is formal with defined roles; MOU is informal and non-binding.

MOA 正式有约束，MOU 非正式表达意向。

Question 13

What is an MSA used for?

Answer 13

Long-term partnerships; sets general terms across projects.

MSA 主服务协议：用于长期合作，规定通用条款。

Question 14

What is an SOW?

Answer 14

A project-specific doc listing deliverables, timeline, and milestones.

SOW 工作说明书：细化交付物、时间表与里程碑。

Question 15

What is the purpose of an NDA?

Answer 15

To keep shared sensitive info confidential.

NDA 保密协议：保护合作中的敏感信息不被泄露。

Question 16

What is a BPA or JV Agreement?

Answer 16

For deep partnerships or joint ventures; defines roles, profit sharing, and IP rights.

BPA/JV 协议：用于深度合作或合资，明确分工、利润与知识产权归属。

Question 17

What is a Supply Chain Attack?

Answer 17

An attack that targets weak suppliers to reach the main target.

供应链攻击：通过薄弱供应商入侵主要目标。

Question 18

What is the CHIPS Act of 2022?

Answer 18

A U.S. law to boost domestic chip production and reduce foreign dependency.

2022芯片法案：提升美国芯片产能，减少对外国依赖，强化国家安全。

Question 19

What is Vendor Due Diligence?

Answer 19

A deep check of a vendor’s cybersecurity and supply chain practices.

供应商尽职调查：评估其网络安全与供应链管理。

Question 20

Why is Regular Monitoring & Audits important?

Answer 20

To detect suspicious activity and ensure ongoing compliance.

定期监控与审计：及时发现异常，确保持续合规。

Question 21

What does Education & Collaboration involve?

Answer 21

Sharing threat info and working with industry peers for stronger defense.

教育与协作：共享情报，行业联合防御。

Question 22

What are Contractual Safeguards?

Answer 22

Security requirements written into vendor contracts with legal consequences.

合同安全条款：合同中规定安全要求，违约可追责。