5.3 Explain the processes associated with third-party risk assessment and management

What is a Right-To-Audit?

This is a legal agreement to have the option to perform a security audit at any time to ensure that the data holder is following best security practices before a breach occurs.

What is an independent assessment?

This is a person or company that are able to provide you additional information or guidance when improving security. This can be useful as sometimes it takes someone on the outside to see the weakness in your security.

What does SLA mean what does this do?

SLA stands for Service Level Agreement. This is the minimum terms for services provided that can include uptime, response time, etc.

What does MOU stand for and what does this do?

MOU stands for Memorandum of Understanding. This is not a legal contract and that outlines common goals between 2 companies.

What does MOA stand for and what does this do?

MOA stands for Memorandum of Agreement. Similar to MOU, both companies agree to the objectives or interests. This is a legally binding agreement between two or more parties that outlines the rights, obligations and responsibilities of each party.

What is a MSA and what does this do?

MSA stands for Master Service Agreement. This is a legal contract and agreement of terms. This is used to describe the negotiations such as payment information, future projects and a framework for later transactions.

What does SOW stand for and what does this do?

SOW stands for Statement of Work. This specifies a list of items to be completed and is often used in conjunction with MSA.

What does BPA stand for and what does this do?

BPA stands for Business Partner Agreement. This is a legal contract between 2 or more parties that defines each parties roles, contributions and responsibilities.