Reporting & Analytics: Contract Language and Risk Acceptance Flashcards
Contract Language
-Variances
-Enforceability: very important
-Incident Notification
Contract Language:
Incident Notification
-Make sure this language is in the contract and you clearly articulate how to report on this.
-Needs to be clearly mapped out.
-Have a delineation for incidents that are higher risk to your organization, so that a team including legal, compliance and regulatory gets together when it should.
-Don’t treat all events or all incidents the same.
Risk Acceptance Overview
-If risk remediation cannot be performed, the next step is to escalate the risk and continue through an acceptance process.
-Your TPRM program should be prescriptive in the risk escalation and acceptance process.
-It should also be widely recognized and supported by your leadership.
-Furthermore, certain levels of leadership should be responsible for accepting specific levels of risk.
-Low
-Medium
-High
-Critical Controls
Processing Risk Acceptance 1.
-Have a process for how risk acceptances are done; this is a risk-based approach driven by the risk to your organization.
-You don’t want all risks to be approached by the same individual.
-Escalating risks need to be approached by others where it makes sense.
-If you work for a decent-sized organization in finance with commercial, retail, personal banking and insurance lines, and the commercial lending piece accepts a low or medium risk, then when and if the vendor is breached no one will distinguish which department accepted the risk: the headline will say the whole organization made the mistake.
Processing Risk Acceptance 2.
-The risk didn’t just go away; you only accepted it for a period of time. It needs to be re-accepted on an annual basis, as potential threats and vulnerabilities are tracked and reported on and add to the overall risk of the vendor.
-Risk acceptance can follow contract signing limits: if your department cannot sign based on a monetary amount, then the risk is accepted by whoever can approve a contract of that size.
-E.g. low and medium = business level, high and critical = executive level