Pre-Contract: 4th Party Flashcards

1
Q

4th Party

A

-Risk-based approach for Nth party
-Treat as a Vulnerability Management program
-Leverage Cyber Continuous Monitoring and Cyber Threat intake process
-Focus only on material 4th parties, where the data resides, and the relationship between the 3rd and 4th party.

2
Q

4th Party Risk Based Approach

A

-The average is a dozen 4th parties for each of your 3rd parties
-If you are just starting out, start with your critical vendors' 4th parties
-In IRQ intake, ask about 4th parties
-Material could mean they have your data or they have contact with your customers; consider where the data sits in the relationship between the 3rd and 4th party
-Ask prior to contract
-Be focused on the intake process
-You wouldn’t necessarily be asking for this for your lower risk vendors
-Make sure you’re not taking in data you’re not going to do anything with

3
Q

3 Types of Material Vendors for the Information Received

A
  1. If they will house/transfer data
  2. If they are material to product services you are receiving
  3. If they will have contact with your customers like a call center

Add to the contract: they must notify you if they ADD any new contractors, quit using contractors, or if the contractors are bought
