Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

TPCRA: Lesson 2: Pre-Contract Due Diligence > Pre-Contract: Contract Clauses > Flashcards

Pre-Contract: Contract Clauses Flashcards

1
Q

Contract Clauses

A

-Framework leads to the Standards that lead to the Cyber Scurity Terms & Conditions (T&C)
-Need a framework to build off of, NIST, CSF, ISO 27001
-Standard internal document
-Risk-based approach
-Critical Controls
-Which one doesn’t look like the other…(Due Diligence Questionnaire and Cyber T&Cs)?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Contract Clauses:
Critical Controls

A

-Identify critical controls
-Vary by some organizations, but generally MFA for privilege’s access, you have a security program, encryption, software development lifecycle.
-List of critical controls should be small
-These are die on the hill controls.

E.g. Microsoft, they will give you their info and you may want to focus on critical controls.
-Look at the answers in the due diligence questionnaires vs the terms and conditions, see if anything has been changed or if the answers are the same.
-Compare and contrast where they’re answering differently on more document vs the other.
-The terms and conditions are compared by the lawyers so much likely that document is most accurate so you get a decision before the contract is signed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Contract Clauses:
How do you identify Critical Controls?

A

What controls do they need to have in place to start sending them data.
-These need to be in the master service agreement not the SOW because SOW are temporary.
-You need the security control adademe in the master service agreement.
-In order for you to do your job you need other clauses
-Right to audit and right to review in the security adadum
-Right means from time to time we will do security questionnaire, on sight review, ask for evidence, and response in specific amount of time.

Noncompliance Triggers
-If not making cadiance in remediating findings or no proper controls in place
-You’ve done an assessment there’s some findings you do a more indepth review maybe onsight and there looks bad and they’re ot remediating then you can withhold money.
-If they still aren’t doing anything about it then you remove the data from their environment and put it in your or terminate the contract.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

TPCRA: Lesson 2: Pre-Contract Due Diligence (8 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions